This is page 8 of 50. Use http://codebase.md/better-auth/better-auth?lines=false&page={x} to view the full context.
# Directory Structure
```
├── .gitattributes
├── .github
│ ├── CODEOWNERS
│ ├── FUNDING.yml
│ ├── ISSUE_TEMPLATE
│ │ ├── bug_report.yml
│ │ └── feature_request.yml
│ ├── renovate.json5
│ └── workflows
│ ├── ci.yml
│ ├── e2e.yml
│ ├── preview.yml
│ └── release.yml
├── .gitignore
├── .npmrc
├── .nvmrc
├── .vscode
│ └── settings.json
├── banner-dark.png
├── banner.png
├── biome.json
├── bump.config.ts
├── CODE_OF_CONDUCT.md
├── CONTRIBUTING.md
├── demo
│ ├── expo-example
│ │ ├── .env.example
│ │ ├── .gitignore
│ │ ├── app.config.ts
│ │ ├── assets
│ │ │ ├── bg-image.jpeg
│ │ │ ├── fonts
│ │ │ │ └── SpaceMono-Regular.ttf
│ │ │ ├── icon.png
│ │ │ └── images
│ │ │ ├── adaptive-icon.png
│ │ │ ├── favicon.png
│ │ │ ├── logo.png
│ │ │ ├── partial-react-logo.png
│ │ │ ├── react-logo.png
│ │ │ ├── [email protected]
│ │ │ ├── [email protected]
│ │ │ └── splash.png
│ │ ├── babel.config.js
│ │ ├── components.json
│ │ ├── expo-env.d.ts
│ │ ├── index.ts
│ │ ├── metro.config.js
│ │ ├── nativewind-env.d.ts
│ │ ├── package.json
│ │ ├── README.md
│ │ ├── src
│ │ │ ├── app
│ │ │ │ ├── _layout.tsx
│ │ │ │ ├── api
│ │ │ │ │ └── auth
│ │ │ │ │ └── [...route]+api.ts
│ │ │ │ ├── dashboard.tsx
│ │ │ │ ├── forget-password.tsx
│ │ │ │ ├── index.tsx
│ │ │ │ └── sign-up.tsx
│ │ │ ├── components
│ │ │ │ ├── icons
│ │ │ │ │ └── google.tsx
│ │ │ │ └── ui
│ │ │ │ ├── avatar.tsx
│ │ │ │ ├── button.tsx
│ │ │ │ ├── card.tsx
│ │ │ │ ├── dialog.tsx
│ │ │ │ ├── input.tsx
│ │ │ │ ├── separator.tsx
│ │ │ │ └── text.tsx
│ │ │ ├── global.css
│ │ │ └── lib
│ │ │ ├── auth-client.ts
│ │ │ ├── auth.ts
│ │ │ ├── icons
│ │ │ │ ├── iconWithClassName.ts
│ │ │ │ └── X.tsx
│ │ │ └── utils.ts
│ │ ├── tailwind.config.js
│ │ └── tsconfig.json
│ └── nextjs
│ ├── .env.example
│ ├── .gitignore
│ ├── app
│ │ ├── (auth)
│ │ │ ├── forget-password
│ │ │ │ └── page.tsx
│ │ │ ├── reset-password
│ │ │ │ └── page.tsx
│ │ │ ├── sign-in
│ │ │ │ ├── loading.tsx
│ │ │ │ └── page.tsx
│ │ │ └── two-factor
│ │ │ ├── otp
│ │ │ │ └── page.tsx
│ │ │ └── page.tsx
│ │ ├── accept-invitation
│ │ │ └── [id]
│ │ │ ├── invitation-error.tsx
│ │ │ └── page.tsx
│ │ ├── admin
│ │ │ └── page.tsx
│ │ ├── api
│ │ │ └── auth
│ │ │ └── [...all]
│ │ │ └── route.ts
│ │ ├── apps
│ │ │ └── register
│ │ │ └── page.tsx
│ │ ├── client-test
│ │ │ └── page.tsx
│ │ ├── dashboard
│ │ │ ├── change-plan.tsx
│ │ │ ├── client.tsx
│ │ │ ├── organization-card.tsx
│ │ │ ├── page.tsx
│ │ │ ├── upgrade-button.tsx
│ │ │ └── user-card.tsx
│ │ ├── device
│ │ │ ├── approve
│ │ │ │ └── page.tsx
│ │ │ ├── denied
│ │ │ │ └── page.tsx
│ │ │ ├── layout.tsx
│ │ │ ├── page.tsx
│ │ │ └── success
│ │ │ └── page.tsx
│ │ ├── favicon.ico
│ │ ├── features.tsx
│ │ ├── fonts
│ │ │ ├── GeistMonoVF.woff
│ │ │ └── GeistVF.woff
│ │ ├── globals.css
│ │ ├── layout.tsx
│ │ ├── oauth
│ │ │ └── authorize
│ │ │ ├── concet-buttons.tsx
│ │ │ └── page.tsx
│ │ ├── page.tsx
│ │ └── pricing
│ │ └── page.tsx
│ ├── components
│ │ ├── account-switch.tsx
│ │ ├── blocks
│ │ │ └── pricing.tsx
│ │ ├── logo.tsx
│ │ ├── one-tap.tsx
│ │ ├── sign-in-btn.tsx
│ │ ├── sign-in.tsx
│ │ ├── sign-up.tsx
│ │ ├── theme-provider.tsx
│ │ ├── theme-toggle.tsx
│ │ ├── tier-labels.tsx
│ │ ├── ui
│ │ │ ├── accordion.tsx
│ │ │ ├── alert-dialog.tsx
│ │ │ ├── alert.tsx
│ │ │ ├── aspect-ratio.tsx
│ │ │ ├── avatar.tsx
│ │ │ ├── badge.tsx
│ │ │ ├── breadcrumb.tsx
│ │ │ ├── button.tsx
│ │ │ ├── calendar.tsx
│ │ │ ├── card.tsx
│ │ │ ├── carousel.tsx
│ │ │ ├── chart.tsx
│ │ │ ├── checkbox.tsx
│ │ │ ├── collapsible.tsx
│ │ │ ├── command.tsx
│ │ │ ├── context-menu.tsx
│ │ │ ├── copy-button.tsx
│ │ │ ├── dialog.tsx
│ │ │ ├── drawer.tsx
│ │ │ ├── dropdown-menu.tsx
│ │ │ ├── form.tsx
│ │ │ ├── hover-card.tsx
│ │ │ ├── input-otp.tsx
│ │ │ ├── input.tsx
│ │ │ ├── label.tsx
│ │ │ ├── menubar.tsx
│ │ │ ├── navigation-menu.tsx
│ │ │ ├── pagination.tsx
│ │ │ ├── password-input.tsx
│ │ │ ├── popover.tsx
│ │ │ ├── progress.tsx
│ │ │ ├── radio-group.tsx
│ │ │ ├── resizable.tsx
│ │ │ ├── scroll-area.tsx
│ │ │ ├── select.tsx
│ │ │ ├── separator.tsx
│ │ │ ├── sheet.tsx
│ │ │ ├── skeleton.tsx
│ │ │ ├── slider.tsx
│ │ │ ├── sonner.tsx
│ │ │ ├── switch.tsx
│ │ │ ├── table.tsx
│ │ │ ├── tabs.tsx
│ │ │ ├── tabs2.tsx
│ │ │ ├── textarea.tsx
│ │ │ ├── toast.tsx
│ │ │ ├── toaster.tsx
│ │ │ ├── toggle-group.tsx
│ │ │ ├── toggle.tsx
│ │ │ └── tooltip.tsx
│ │ └── wrapper.tsx
│ ├── components.json
│ ├── hooks
│ │ └── use-toast.ts
│ ├── lib
│ │ ├── auth-client.ts
│ │ ├── auth-types.ts
│ │ ├── auth.ts
│ │ ├── email
│ │ │ ├── invitation.tsx
│ │ │ ├── resend.ts
│ │ │ └── reset-password.tsx
│ │ ├── metadata.ts
│ │ ├── shared.ts
│ │ └── utils.ts
│ ├── next.config.ts
│ ├── package.json
│ ├── postcss.config.mjs
│ ├── proxy.ts
│ ├── public
│ │ ├── __og.png
│ │ ├── _og.png
│ │ ├── favicon
│ │ │ ├── android-chrome-192x192.png
│ │ │ ├── android-chrome-512x512.png
│ │ │ ├── apple-touch-icon.png
│ │ │ ├── favicon-16x16.png
│ │ │ ├── favicon-32x32.png
│ │ │ ├── favicon.ico
│ │ │ ├── light
│ │ │ │ ├── android-chrome-192x192.png
│ │ │ │ ├── android-chrome-512x512.png
│ │ │ │ ├── apple-touch-icon.png
│ │ │ │ ├── favicon-16x16.png
│ │ │ │ ├── favicon-32x32.png
│ │ │ │ ├── favicon.ico
│ │ │ │ └── site.webmanifest
│ │ │ └── site.webmanifest
│ │ ├── logo.svg
│ │ └── og.png
│ ├── README.md
│ ├── tailwind.config.ts
│ ├── tsconfig.json
│ └── turbo.json
├── docker-compose.yml
├── docs
│ ├── .env.example
│ ├── .gitignore
│ ├── app
│ │ ├── api
│ │ │ ├── ai-chat
│ │ │ │ └── route.ts
│ │ │ ├── analytics
│ │ │ │ ├── conversation
│ │ │ │ │ └── route.ts
│ │ │ │ ├── event
│ │ │ │ │ └── route.ts
│ │ │ │ └── feedback
│ │ │ │ └── route.ts
│ │ │ ├── chat
│ │ │ │ └── route.ts
│ │ │ ├── og
│ │ │ │ └── route.tsx
│ │ │ ├── og-release
│ │ │ │ └── route.tsx
│ │ │ ├── search
│ │ │ │ └── route.ts
│ │ │ └── support
│ │ │ └── route.ts
│ │ ├── blog
│ │ │ ├── _components
│ │ │ │ ├── _layout.tsx
│ │ │ │ ├── blog-list.tsx
│ │ │ │ ├── changelog-layout.tsx
│ │ │ │ ├── default-changelog.tsx
│ │ │ │ ├── fmt-dates.tsx
│ │ │ │ ├── icons.tsx
│ │ │ │ ├── stat-field.tsx
│ │ │ │ └── support.tsx
│ │ │ ├── [[...slug]]
│ │ │ │ └── page.tsx
│ │ │ └── layout.tsx
│ │ ├── changelogs
│ │ │ ├── _components
│ │ │ │ ├── _layout.tsx
│ │ │ │ ├── changelog-layout.tsx
│ │ │ │ ├── default-changelog.tsx
│ │ │ │ ├── fmt-dates.tsx
│ │ │ │ ├── grid-pattern.tsx
│ │ │ │ ├── icons.tsx
│ │ │ │ └── stat-field.tsx
│ │ │ ├── [[...slug]]
│ │ │ │ └── page.tsx
│ │ │ └── layout.tsx
│ │ ├── community
│ │ │ ├── _components
│ │ │ │ ├── header.tsx
│ │ │ │ └── stats.tsx
│ │ │ └── page.tsx
│ │ ├── docs
│ │ │ ├── [[...slug]]
│ │ │ │ ├── page.client.tsx
│ │ │ │ └── page.tsx
│ │ │ ├── layout.tsx
│ │ │ └── lib
│ │ │ └── get-llm-text.ts
│ │ ├── global.css
│ │ ├── layout.config.tsx
│ │ ├── layout.tsx
│ │ ├── llms.txt
│ │ │ ├── [...slug]
│ │ │ │ └── route.ts
│ │ │ └── route.ts
│ │ ├── not-found.tsx
│ │ ├── page.tsx
│ │ ├── reference
│ │ │ └── route.ts
│ │ ├── sitemap.xml
│ │ ├── static.json
│ │ │ └── route.ts
│ │ └── v1
│ │ ├── _components
│ │ │ └── v1-text.tsx
│ │ ├── bg-line.tsx
│ │ └── page.tsx
│ ├── assets
│ │ ├── Geist.ttf
│ │ └── GeistMono.ttf
│ ├── components
│ │ ├── ai-chat-modal.tsx
│ │ ├── anchor-scroll-fix.tsx
│ │ ├── api-method-tabs.tsx
│ │ ├── api-method.tsx
│ │ ├── banner.tsx
│ │ ├── blocks
│ │ │ └── features.tsx
│ │ ├── builder
│ │ │ ├── beam.tsx
│ │ │ ├── code-tabs
│ │ │ │ ├── code-editor.tsx
│ │ │ │ ├── code-tabs.tsx
│ │ │ │ ├── index.tsx
│ │ │ │ ├── tab-bar.tsx
│ │ │ │ └── theme.ts
│ │ │ ├── index.tsx
│ │ │ ├── sign-in.tsx
│ │ │ ├── sign-up.tsx
│ │ │ ├── social-provider.tsx
│ │ │ ├── store.ts
│ │ │ └── tabs.tsx
│ │ ├── display-techstack.tsx
│ │ ├── divider-text.tsx
│ │ ├── docs
│ │ │ ├── docs.client.tsx
│ │ │ ├── docs.tsx
│ │ │ ├── layout
│ │ │ │ ├── nav.tsx
│ │ │ │ ├── theme-toggle.tsx
│ │ │ │ ├── toc-thumb.tsx
│ │ │ │ └── toc.tsx
│ │ │ ├── page.client.tsx
│ │ │ ├── page.tsx
│ │ │ ├── shared.tsx
│ │ │ └── ui
│ │ │ ├── button.tsx
│ │ │ ├── collapsible.tsx
│ │ │ ├── popover.tsx
│ │ │ └── scroll-area.tsx
│ │ ├── endpoint.tsx
│ │ ├── features.tsx
│ │ ├── floating-ai-search.tsx
│ │ ├── fork-button.tsx
│ │ ├── generate-apple-jwt.tsx
│ │ ├── generate-secret.tsx
│ │ ├── github-stat.tsx
│ │ ├── icons.tsx
│ │ ├── landing
│ │ │ ├── gradient-bg.tsx
│ │ │ ├── grid-pattern.tsx
│ │ │ ├── hero.tsx
│ │ │ ├── section-svg.tsx
│ │ │ ├── section.tsx
│ │ │ ├── spotlight.tsx
│ │ │ └── testimonials.tsx
│ │ ├── logo-context-menu.tsx
│ │ ├── logo.tsx
│ │ ├── markdown-renderer.tsx
│ │ ├── markdown.tsx
│ │ ├── mdx
│ │ │ ├── add-to-cursor.tsx
│ │ │ └── database-tables.tsx
│ │ ├── message-feedback.tsx
│ │ ├── mobile-search-icon.tsx
│ │ ├── nav-bar.tsx
│ │ ├── nav-link.tsx
│ │ ├── nav-mobile.tsx
│ │ ├── promo-card.tsx
│ │ ├── resource-card.tsx
│ │ ├── resource-grid.tsx
│ │ ├── resource-section.tsx
│ │ ├── ripple.tsx
│ │ ├── search-dialog.tsx
│ │ ├── side-bar.tsx
│ │ ├── sidebar-content.tsx
│ │ ├── techstack-icons.tsx
│ │ ├── theme-provider.tsx
│ │ ├── theme-toggler.tsx
│ │ └── ui
│ │ ├── accordion.tsx
│ │ ├── alert-dialog.tsx
│ │ ├── alert.tsx
│ │ ├── aside-link.tsx
│ │ ├── aspect-ratio.tsx
│ │ ├── avatar.tsx
│ │ ├── background-beams.tsx
│ │ ├── background-boxes.tsx
│ │ ├── badge.tsx
│ │ ├── breadcrumb.tsx
│ │ ├── button.tsx
│ │ ├── calendar.tsx
│ │ ├── callout.tsx
│ │ ├── card.tsx
│ │ ├── carousel.tsx
│ │ ├── chart.tsx
│ │ ├── checkbox.tsx
│ │ ├── code-block.tsx
│ │ ├── collapsible.tsx
│ │ ├── command.tsx
│ │ ├── context-menu.tsx
│ │ ├── dialog.tsx
│ │ ├── drawer.tsx
│ │ ├── dropdown-menu.tsx
│ │ ├── dynamic-code-block.tsx
│ │ ├── fade-in.tsx
│ │ ├── form.tsx
│ │ ├── hover-card.tsx
│ │ ├── input-otp.tsx
│ │ ├── input.tsx
│ │ ├── label.tsx
│ │ ├── menubar.tsx
│ │ ├── navigation-menu.tsx
│ │ ├── pagination.tsx
│ │ ├── popover.tsx
│ │ ├── progress.tsx
│ │ ├── radio-group.tsx
│ │ ├── resizable.tsx
│ │ ├── scroll-area.tsx
│ │ ├── select.tsx
│ │ ├── separator.tsx
│ │ ├── sheet.tsx
│ │ ├── sidebar.tsx
│ │ ├── skeleton.tsx
│ │ ├── slider.tsx
│ │ ├── sonner.tsx
│ │ ├── sparkles.tsx
│ │ ├── switch.tsx
│ │ ├── table.tsx
│ │ ├── tabs.tsx
│ │ ├── textarea.tsx
│ │ ├── toggle-group.tsx
│ │ ├── toggle.tsx
│ │ ├── tooltip-docs.tsx
│ │ ├── tooltip.tsx
│ │ └── use-copy-button.tsx
│ ├── components.json
│ ├── content
│ │ ├── blogs
│ │ │ ├── 0-supabase-auth-to-planetscale-migration.mdx
│ │ │ ├── 1-3.mdx
│ │ │ ├── authjs-joins-better-auth.mdx
│ │ │ └── seed-round.mdx
│ │ ├── changelogs
│ │ │ ├── 1-2.mdx
│ │ │ └── 1.0.mdx
│ │ └── docs
│ │ ├── adapters
│ │ │ ├── community-adapters.mdx
│ │ │ ├── drizzle.mdx
│ │ │ ├── mongo.mdx
│ │ │ ├── mssql.mdx
│ │ │ ├── mysql.mdx
│ │ │ ├── other-relational-databases.mdx
│ │ │ ├── postgresql.mdx
│ │ │ ├── prisma.mdx
│ │ │ └── sqlite.mdx
│ │ ├── authentication
│ │ │ ├── apple.mdx
│ │ │ ├── atlassian.mdx
│ │ │ ├── cognito.mdx
│ │ │ ├── discord.mdx
│ │ │ ├── dropbox.mdx
│ │ │ ├── email-password.mdx
│ │ │ ├── facebook.mdx
│ │ │ ├── figma.mdx
│ │ │ ├── github.mdx
│ │ │ ├── gitlab.mdx
│ │ │ ├── google.mdx
│ │ │ ├── huggingface.mdx
│ │ │ ├── kakao.mdx
│ │ │ ├── kick.mdx
│ │ │ ├── line.mdx
│ │ │ ├── linear.mdx
│ │ │ ├── linkedin.mdx
│ │ │ ├── microsoft.mdx
│ │ │ ├── naver.mdx
│ │ │ ├── notion.mdx
│ │ │ ├── other-social-providers.mdx
│ │ │ ├── paypal.mdx
│ │ │ ├── reddit.mdx
│ │ │ ├── roblox.mdx
│ │ │ ├── salesforce.mdx
│ │ │ ├── slack.mdx
│ │ │ ├── spotify.mdx
│ │ │ ├── tiktok.mdx
│ │ │ ├── twitch.mdx
│ │ │ ├── twitter.mdx
│ │ │ ├── vk.mdx
│ │ │ └── zoom.mdx
│ │ ├── basic-usage.mdx
│ │ ├── comparison.mdx
│ │ ├── concepts
│ │ │ ├── api.mdx
│ │ │ ├── cli.mdx
│ │ │ ├── client.mdx
│ │ │ ├── cookies.mdx
│ │ │ ├── database.mdx
│ │ │ ├── email.mdx
│ │ │ ├── hooks.mdx
│ │ │ ├── oauth.mdx
│ │ │ ├── plugins.mdx
│ │ │ ├── rate-limit.mdx
│ │ │ ├── session-management.mdx
│ │ │ ├── typescript.mdx
│ │ │ └── users-accounts.mdx
│ │ ├── examples
│ │ │ ├── astro.mdx
│ │ │ ├── next-js.mdx
│ │ │ ├── nuxt.mdx
│ │ │ ├── remix.mdx
│ │ │ └── svelte-kit.mdx
│ │ ├── guides
│ │ │ ├── auth0-migration-guide.mdx
│ │ │ ├── browser-extension-guide.mdx
│ │ │ ├── clerk-migration-guide.mdx
│ │ │ ├── create-a-db-adapter.mdx
│ │ │ ├── next-auth-migration-guide.mdx
│ │ │ ├── optimizing-for-performance.mdx
│ │ │ ├── saml-sso-with-okta.mdx
│ │ │ ├── supabase-migration-guide.mdx
│ │ │ └── your-first-plugin.mdx
│ │ ├── installation.mdx
│ │ ├── integrations
│ │ │ ├── astro.mdx
│ │ │ ├── convex.mdx
│ │ │ ├── elysia.mdx
│ │ │ ├── expo.mdx
│ │ │ ├── express.mdx
│ │ │ ├── fastify.mdx
│ │ │ ├── hono.mdx
│ │ │ ├── lynx.mdx
│ │ │ ├── nestjs.mdx
│ │ │ ├── next.mdx
│ │ │ ├── nitro.mdx
│ │ │ ├── nuxt.mdx
│ │ │ ├── remix.mdx
│ │ │ ├── solid-start.mdx
│ │ │ ├── svelte-kit.mdx
│ │ │ ├── tanstack.mdx
│ │ │ └── waku.mdx
│ │ ├── introduction.mdx
│ │ ├── meta.json
│ │ ├── plugins
│ │ │ ├── 2fa.mdx
│ │ │ ├── admin.mdx
│ │ │ ├── anonymous.mdx
│ │ │ ├── api-key.mdx
│ │ │ ├── autumn.mdx
│ │ │ ├── bearer.mdx
│ │ │ ├── captcha.mdx
│ │ │ ├── community-plugins.mdx
│ │ │ ├── device-authorization.mdx
│ │ │ ├── dodopayments.mdx
│ │ │ ├── dub.mdx
│ │ │ ├── email-otp.mdx
│ │ │ ├── generic-oauth.mdx
│ │ │ ├── have-i-been-pwned.mdx
│ │ │ ├── jwt.mdx
│ │ │ ├── last-login-method.mdx
│ │ │ ├── magic-link.mdx
│ │ │ ├── mcp.mdx
│ │ │ ├── multi-session.mdx
│ │ │ ├── oauth-proxy.mdx
│ │ │ ├── oidc-provider.mdx
│ │ │ ├── one-tap.mdx
│ │ │ ├── one-time-token.mdx
│ │ │ ├── open-api.mdx
│ │ │ ├── organization.mdx
│ │ │ ├── passkey.mdx
│ │ │ ├── phone-number.mdx
│ │ │ ├── polar.mdx
│ │ │ ├── siwe.mdx
│ │ │ ├── sso.mdx
│ │ │ ├── stripe.mdx
│ │ │ └── username.mdx
│ │ └── reference
│ │ ├── contributing.mdx
│ │ ├── faq.mdx
│ │ ├── options.mdx
│ │ ├── resources.mdx
│ │ ├── security.mdx
│ │ └── telemetry.mdx
│ ├── hooks
│ │ └── use-mobile.ts
│ ├── ignore-build.sh
│ ├── lib
│ │ ├── blog.ts
│ │ ├── chat
│ │ │ └── inkeep-qa-schema.ts
│ │ ├── constants.ts
│ │ ├── export-search-indexes.ts
│ │ ├── inkeep-analytics.ts
│ │ ├── is-active.ts
│ │ ├── metadata.ts
│ │ ├── source.ts
│ │ └── utils.ts
│ ├── next.config.js
│ ├── package.json
│ ├── postcss.config.js
│ ├── proxy.ts
│ ├── public
│ │ ├── avatars
│ │ │ └── beka.jpg
│ │ ├── blogs
│ │ │ ├── authjs-joins.png
│ │ │ ├── seed-round.png
│ │ │ └── supabase-ps.png
│ │ ├── branding
│ │ │ ├── better-auth-brand-assets.zip
│ │ │ ├── better-auth-logo-dark.png
│ │ │ ├── better-auth-logo-dark.svg
│ │ │ ├── better-auth-logo-light.png
│ │ │ ├── better-auth-logo-light.svg
│ │ │ ├── better-auth-logo-wordmark-dark.png
│ │ │ ├── better-auth-logo-wordmark-dark.svg
│ │ │ ├── better-auth-logo-wordmark-light.png
│ │ │ └── better-auth-logo-wordmark-light.svg
│ │ ├── extension-id.png
│ │ ├── favicon
│ │ │ ├── android-chrome-192x192.png
│ │ │ ├── android-chrome-512x512.png
│ │ │ ├── apple-touch-icon.png
│ │ │ ├── favicon-16x16.png
│ │ │ ├── favicon-32x32.png
│ │ │ ├── favicon.ico
│ │ │ ├── light
│ │ │ │ ├── android-chrome-192x192.png
│ │ │ │ ├── android-chrome-512x512.png
│ │ │ │ ├── apple-touch-icon.png
│ │ │ │ ├── favicon-16x16.png
│ │ │ │ ├── favicon-32x32.png
│ │ │ │ ├── favicon.ico
│ │ │ │ └── site.webmanifest
│ │ │ └── site.webmanifest
│ │ ├── images
│ │ │ └── blogs
│ │ │ └── better auth (1).png
│ │ ├── logo.png
│ │ ├── logo.svg
│ │ ├── LogoDark.webp
│ │ ├── LogoLight.webp
│ │ ├── og.png
│ │ ├── open-api-reference.png
│ │ ├── people-say
│ │ │ ├── code-with-antonio.jpg
│ │ │ ├── dagmawi-babi.png
│ │ │ ├── dax.png
│ │ │ ├── dev-ed.png
│ │ │ ├── egoist.png
│ │ │ ├── guillermo-rauch.png
│ │ │ ├── jonathan-wilke.png
│ │ │ ├── josh-tried-coding.jpg
│ │ │ ├── kitze.jpg
│ │ │ ├── lazar-nikolov.png
│ │ │ ├── nizzy.png
│ │ │ ├── omar-mcadam.png
│ │ │ ├── ryan-vogel.jpg
│ │ │ ├── saltyatom.jpg
│ │ │ ├── sebastien-chopin.png
│ │ │ ├── shreyas-mididoddi.png
│ │ │ ├── tech-nerd.png
│ │ │ ├── theo.png
│ │ │ ├── vybhav-bhargav.png
│ │ │ └── xavier-pladevall.jpg
│ │ ├── plus.svg
│ │ ├── release-og
│ │ │ ├── 1-2.png
│ │ │ ├── 1-3.png
│ │ │ └── changelog-og.png
│ │ └── v1-og.png
│ ├── README.md
│ ├── scripts
│ │ ├── endpoint-to-doc
│ │ │ ├── index.ts
│ │ │ ├── input.ts
│ │ │ ├── output.mdx
│ │ │ └── readme.md
│ │ └── sync-orama.ts
│ ├── source.config.ts
│ ├── tailwind.config.js
│ ├── tsconfig.json
│ └── turbo.json
├── e2e
│ ├── integration
│ │ ├── package.json
│ │ ├── playwright.config.ts
│ │ ├── solid-vinxi
│ │ │ ├── .gitignore
│ │ │ ├── app.config.ts
│ │ │ ├── e2e
│ │ │ │ ├── test.spec.ts
│ │ │ │ └── utils.ts
│ │ │ ├── package.json
│ │ │ ├── public
│ │ │ │ └── favicon.ico
│ │ │ ├── src
│ │ │ │ ├── app.tsx
│ │ │ │ ├── entry-client.tsx
│ │ │ │ ├── entry-server.tsx
│ │ │ │ ├── global.d.ts
│ │ │ │ ├── lib
│ │ │ │ │ ├── auth-client.ts
│ │ │ │ │ └── auth.ts
│ │ │ │ └── routes
│ │ │ │ ├── [...404].tsx
│ │ │ │ ├── api
│ │ │ │ │ └── auth
│ │ │ │ │ └── [...all].ts
│ │ │ │ └── index.tsx
│ │ │ └── tsconfig.json
│ │ ├── test-utils
│ │ │ ├── package.json
│ │ │ └── src
│ │ │ └── playwright.ts
│ │ └── vanilla-node
│ │ ├── e2e
│ │ │ ├── app.ts
│ │ │ ├── domain.spec.ts
│ │ │ ├── postgres-js.spec.ts
│ │ │ ├── test.spec.ts
│ │ │ └── utils.ts
│ │ ├── index.html
│ │ ├── package.json
│ │ ├── src
│ │ │ ├── main.ts
│ │ │ └── vite-env.d.ts
│ │ ├── tsconfig.json
│ │ └── vite.config.ts
│ └── smoke
│ ├── package.json
│ ├── test
│ │ ├── bun.spec.ts
│ │ ├── cloudflare.spec.ts
│ │ ├── deno.spec.ts
│ │ ├── fixtures
│ │ │ ├── bun-simple.ts
│ │ │ ├── cloudflare
│ │ │ │ ├── .gitignore
│ │ │ │ ├── drizzle
│ │ │ │ │ ├── 0000_clean_vector.sql
│ │ │ │ │ └── meta
│ │ │ │ │ ├── _journal.json
│ │ │ │ │ └── 0000_snapshot.json
│ │ │ │ ├── drizzle.config.ts
│ │ │ │ ├── package.json
│ │ │ │ ├── src
│ │ │ │ │ ├── auth-schema.ts
│ │ │ │ │ ├── db.ts
│ │ │ │ │ └── index.ts
│ │ │ │ ├── test
│ │ │ │ │ ├── apply-migrations.ts
│ │ │ │ │ ├── env.d.ts
│ │ │ │ │ └── index.test.ts
│ │ │ │ ├── tsconfig.json
│ │ │ │ ├── vitest.config.ts
│ │ │ │ ├── worker-configuration.d.ts
│ │ │ │ └── wrangler.json
│ │ │ ├── deno-simple.ts
│ │ │ ├── tsconfig-decelration
│ │ │ │ ├── package.json
│ │ │ │ ├── src
│ │ │ │ │ ├── demo.ts
│ │ │ │ │ └── index.ts
│ │ │ │ └── tsconfig.json
│ │ │ ├── tsconfig-exact-optional-property-types
│ │ │ │ ├── package.json
│ │ │ │ ├── src
│ │ │ │ │ ├── index.ts
│ │ │ │ │ ├── organization.ts
│ │ │ │ │ ├── user-additional-fields.ts
│ │ │ │ │ └── username.ts
│ │ │ │ └── tsconfig.json
│ │ │ ├── tsconfig-isolated-module-bundler
│ │ │ │ ├── package.json
│ │ │ │ ├── src
│ │ │ │ │ └── index.ts
│ │ │ │ └── tsconfig.json
│ │ │ ├── tsconfig-verbatim-module-syntax-node10
│ │ │ │ ├── package.json
│ │ │ │ ├── src
│ │ │ │ │ └── index.ts
│ │ │ │ └── tsconfig.json
│ │ │ └── vite
│ │ │ ├── package.json
│ │ │ ├── src
│ │ │ │ ├── client.ts
│ │ │ │ └── server.ts
│ │ │ ├── tsconfig.json
│ │ │ └── vite.config.ts
│ │ ├── ssr.ts
│ │ ├── typecheck.spec.ts
│ │ └── vite.spec.ts
│ └── tsconfig.json
├── LICENSE.md
├── package.json
├── packages
│ ├── better-auth
│ │ ├── package.json
│ │ ├── README.md
│ │ ├── src
│ │ │ ├── __snapshots__
│ │ │ │ └── init.test.ts.snap
│ │ │ ├── adapters
│ │ │ │ ├── adapter-factory
│ │ │ │ │ ├── index.ts
│ │ │ │ │ ├── test
│ │ │ │ │ │ ├── __snapshots__
│ │ │ │ │ │ │ └── adapter-factory.test.ts.snap
│ │ │ │ │ │ └── adapter-factory.test.ts
│ │ │ │ │ └── types.ts
│ │ │ │ ├── create-test-suite.ts
│ │ │ │ ├── drizzle-adapter
│ │ │ │ │ ├── drizzle-adapter.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ └── test
│ │ │ │ │ ├── .gitignore
│ │ │ │ │ ├── adapter.drizzle.mysql.test.ts
│ │ │ │ │ ├── adapter.drizzle.pg.test.ts
│ │ │ │ │ ├── adapter.drizzle.sqlite.test.ts
│ │ │ │ │ └── generate-schema.ts
│ │ │ │ ├── index.ts
│ │ │ │ ├── kysely-adapter
│ │ │ │ │ ├── bun-sqlite-dialect.ts
│ │ │ │ │ ├── dialect.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ ├── kysely-adapter.ts
│ │ │ │ │ ├── node-sqlite-dialect.ts
│ │ │ │ │ ├── test
│ │ │ │ │ │ ├── adapter.kysely.mssql.test.ts
│ │ │ │ │ │ ├── adapter.kysely.mysql.test.ts
│ │ │ │ │ │ ├── adapter.kysely.pg.test.ts
│ │ │ │ │ │ ├── adapter.kysely.sqlite.test.ts
│ │ │ │ │ │ └── node-sqlite-dialect.test.ts
│ │ │ │ │ └── types.ts
│ │ │ │ ├── memory-adapter
│ │ │ │ │ ├── adapter.memory.test.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ └── memory-adapter.ts
│ │ │ │ ├── mongodb-adapter
│ │ │ │ │ ├── adapter.mongo-db.test.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ └── mongodb-adapter.ts
│ │ │ │ ├── prisma-adapter
│ │ │ │ │ ├── index.ts
│ │ │ │ │ ├── prisma-adapter.ts
│ │ │ │ │ └── test
│ │ │ │ │ ├── .gitignore
│ │ │ │ │ ├── base.prisma
│ │ │ │ │ ├── generate-auth-config.ts
│ │ │ │ │ ├── generate-prisma-schema.ts
│ │ │ │ │ ├── get-prisma-client.ts
│ │ │ │ │ ├── prisma.mysql.test.ts
│ │ │ │ │ ├── prisma.pg.test.ts
│ │ │ │ │ ├── prisma.sqlite.test.ts
│ │ │ │ │ └── push-prisma-schema.ts
│ │ │ │ ├── test-adapter.ts
│ │ │ │ ├── test.ts
│ │ │ │ ├── tests
│ │ │ │ │ ├── auth-flow.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ ├── normal.ts
│ │ │ │ │ ├── number-id.ts
│ │ │ │ │ ├── performance.ts
│ │ │ │ │ └── transactions.ts
│ │ │ │ └── utils.ts
│ │ │ ├── api
│ │ │ │ ├── check-endpoint-conflicts.test.ts
│ │ │ │ ├── index.test.ts
│ │ │ │ ├── index.ts
│ │ │ │ ├── middlewares
│ │ │ │ │ ├── index.ts
│ │ │ │ │ ├── origin-check.test.ts
│ │ │ │ │ └── origin-check.ts
│ │ │ │ ├── rate-limiter
│ │ │ │ │ ├── index.ts
│ │ │ │ │ └── rate-limiter.test.ts
│ │ │ │ ├── routes
│ │ │ │ │ ├── account.test.ts
│ │ │ │ │ ├── account.ts
│ │ │ │ │ ├── callback.ts
│ │ │ │ │ ├── email-verification.test.ts
│ │ │ │ │ ├── email-verification.ts
│ │ │ │ │ ├── error.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ ├── ok.ts
│ │ │ │ │ ├── reset-password.test.ts
│ │ │ │ │ ├── reset-password.ts
│ │ │ │ │ ├── session-api.test.ts
│ │ │ │ │ ├── session.ts
│ │ │ │ │ ├── sign-in.test.ts
│ │ │ │ │ ├── sign-in.ts
│ │ │ │ │ ├── sign-out.test.ts
│ │ │ │ │ ├── sign-out.ts
│ │ │ │ │ ├── sign-up.test.ts
│ │ │ │ │ ├── sign-up.ts
│ │ │ │ │ ├── update-user.test.ts
│ │ │ │ │ └── update-user.ts
│ │ │ │ ├── to-auth-endpoints.test.ts
│ │ │ │ └── to-auth-endpoints.ts
│ │ │ ├── auth.test.ts
│ │ │ ├── auth.ts
│ │ │ ├── call.test.ts
│ │ │ ├── client
│ │ │ │ ├── client-ssr.test.ts
│ │ │ │ ├── client.test.ts
│ │ │ │ ├── config.ts
│ │ │ │ ├── fetch-plugins.ts
│ │ │ │ ├── index.ts
│ │ │ │ ├── lynx
│ │ │ │ │ ├── index.ts
│ │ │ │ │ └── lynx-store.ts
│ │ │ │ ├── parser.ts
│ │ │ │ ├── path-to-object.ts
│ │ │ │ ├── plugins
│ │ │ │ │ ├── index.ts
│ │ │ │ │ └── infer-plugin.ts
│ │ │ │ ├── proxy.ts
│ │ │ │ ├── query.ts
│ │ │ │ ├── react
│ │ │ │ │ ├── index.ts
│ │ │ │ │ └── react-store.ts
│ │ │ │ ├── session-atom.ts
│ │ │ │ ├── solid
│ │ │ │ │ ├── index.ts
│ │ │ │ │ └── solid-store.ts
│ │ │ │ ├── svelte
│ │ │ │ │ └── index.ts
│ │ │ │ ├── test-plugin.ts
│ │ │ │ ├── types.ts
│ │ │ │ ├── url.test.ts
│ │ │ │ ├── vanilla.ts
│ │ │ │ └── vue
│ │ │ │ ├── index.ts
│ │ │ │ └── vue-store.ts
│ │ │ ├── cookies
│ │ │ │ ├── check-cookies.ts
│ │ │ │ ├── cookie-utils.ts
│ │ │ │ ├── cookies.test.ts
│ │ │ │ └── index.ts
│ │ │ ├── crypto
│ │ │ │ ├── buffer.ts
│ │ │ │ ├── hash.ts
│ │ │ │ ├── index.ts
│ │ │ │ ├── jwt.ts
│ │ │ │ ├── password.test.ts
│ │ │ │ ├── password.ts
│ │ │ │ └── random.ts
│ │ │ ├── db
│ │ │ │ ├── db.test.ts
│ │ │ │ ├── field.ts
│ │ │ │ ├── get-migration.ts
│ │ │ │ ├── get-schema.ts
│ │ │ │ ├── get-tables.test.ts
│ │ │ │ ├── get-tables.ts
│ │ │ │ ├── index.ts
│ │ │ │ ├── internal-adapter.test.ts
│ │ │ │ ├── internal-adapter.ts
│ │ │ │ ├── schema.ts
│ │ │ │ ├── secondary-storage.test.ts
│ │ │ │ ├── to-zod.ts
│ │ │ │ ├── utils.ts
│ │ │ │ └── with-hooks.ts
│ │ │ ├── index.ts
│ │ │ ├── init.test.ts
│ │ │ ├── init.ts
│ │ │ ├── integrations
│ │ │ │ ├── next-js.ts
│ │ │ │ ├── node.ts
│ │ │ │ ├── react-start.ts
│ │ │ │ ├── solid-start.ts
│ │ │ │ └── svelte-kit.ts
│ │ │ ├── oauth2
│ │ │ │ ├── index.ts
│ │ │ │ ├── link-account.test.ts
│ │ │ │ ├── link-account.ts
│ │ │ │ ├── state.ts
│ │ │ │ └── utils.ts
│ │ │ ├── plugins
│ │ │ │ ├── access
│ │ │ │ │ ├── access.test.ts
│ │ │ │ │ ├── access.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ └── types.ts
│ │ │ │ ├── additional-fields
│ │ │ │ │ ├── additional-fields.test.ts
│ │ │ │ │ └── client.ts
│ │ │ │ ├── admin
│ │ │ │ │ ├── access
│ │ │ │ │ │ ├── index.ts
│ │ │ │ │ │ └── statement.ts
│ │ │ │ │ ├── admin.test.ts
│ │ │ │ │ ├── admin.ts
│ │ │ │ │ ├── client.ts
│ │ │ │ │ ├── error-codes.ts
│ │ │ │ │ ├── has-permission.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ ├── schema.ts
│ │ │ │ │ └── types.ts
│ │ │ │ ├── anonymous
│ │ │ │ │ ├── anon.test.ts
│ │ │ │ │ ├── client.ts
│ │ │ │ │ └── index.ts
│ │ │ │ ├── api-key
│ │ │ │ │ ├── api-key.test.ts
│ │ │ │ │ ├── client.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ ├── rate-limit.ts
│ │ │ │ │ ├── routes
│ │ │ │ │ │ ├── create-api-key.ts
│ │ │ │ │ │ ├── delete-all-expired-api-keys.ts
│ │ │ │ │ │ ├── delete-api-key.ts
│ │ │ │ │ │ ├── get-api-key.ts
│ │ │ │ │ │ ├── index.ts
│ │ │ │ │ │ ├── list-api-keys.ts
│ │ │ │ │ │ ├── update-api-key.ts
│ │ │ │ │ │ └── verify-api-key.ts
│ │ │ │ │ ├── schema.ts
│ │ │ │ │ └── types.ts
│ │ │ │ ├── bearer
│ │ │ │ │ ├── bearer.test.ts
│ │ │ │ │ └── index.ts
│ │ │ │ ├── captcha
│ │ │ │ │ ├── captcha.test.ts
│ │ │ │ │ ├── constants.ts
│ │ │ │ │ ├── error-codes.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ ├── types.ts
│ │ │ │ │ ├── utils.ts
│ │ │ │ │ └── verify-handlers
│ │ │ │ │ ├── captchafox.ts
│ │ │ │ │ ├── cloudflare-turnstile.ts
│ │ │ │ │ ├── google-recaptcha.ts
│ │ │ │ │ ├── h-captcha.ts
│ │ │ │ │ └── index.ts
│ │ │ │ ├── custom-session
│ │ │ │ │ ├── client.ts
│ │ │ │ │ ├── custom-session.test.ts
│ │ │ │ │ └── index.ts
│ │ │ │ ├── device-authorization
│ │ │ │ │ ├── client.ts
│ │ │ │ │ ├── device-authorization.test.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ └── schema.ts
│ │ │ │ ├── email-otp
│ │ │ │ │ ├── client.ts
│ │ │ │ │ ├── email-otp.test.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ └── utils.ts
│ │ │ │ ├── generic-oauth
│ │ │ │ │ ├── client.ts
│ │ │ │ │ ├── generic-oauth.test.ts
│ │ │ │ │ └── index.ts
│ │ │ │ ├── haveibeenpwned
│ │ │ │ │ ├── haveibeenpwned.test.ts
│ │ │ │ │ └── index.ts
│ │ │ │ ├── index.ts
│ │ │ │ ├── jwt
│ │ │ │ │ ├── adapter.ts
│ │ │ │ │ ├── client.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ ├── jwt.test.ts
│ │ │ │ │ ├── schema.ts
│ │ │ │ │ ├── sign.ts
│ │ │ │ │ ├── types.ts
│ │ │ │ │ └── utils.ts
│ │ │ │ ├── last-login-method
│ │ │ │ │ ├── client.ts
│ │ │ │ │ ├── custom-prefix.test.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ └── last-login-method.test.ts
│ │ │ │ ├── magic-link
│ │ │ │ │ ├── client.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ ├── magic-link.test.ts
│ │ │ │ │ └── utils.ts
│ │ │ │ ├── mcp
│ │ │ │ │ ├── authorize.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ └── mcp.test.ts
│ │ │ │ ├── multi-session
│ │ │ │ │ ├── client.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ └── multi-session.test.ts
│ │ │ │ ├── oauth-proxy
│ │ │ │ │ ├── index.ts
│ │ │ │ │ └── oauth-proxy.test.ts
│ │ │ │ ├── oidc-provider
│ │ │ │ │ ├── authorize.ts
│ │ │ │ │ ├── client.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ ├── oidc.test.ts
│ │ │ │ │ ├── schema.ts
│ │ │ │ │ ├── types.ts
│ │ │ │ │ ├── ui.ts
│ │ │ │ │ └── utils.ts
│ │ │ │ ├── one-tap
│ │ │ │ │ ├── client.ts
│ │ │ │ │ └── index.ts
│ │ │ │ ├── one-time-token
│ │ │ │ │ ├── client.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ ├── one-time-token.test.ts
│ │ │ │ │ └── utils.ts
│ │ │ │ ├── open-api
│ │ │ │ │ ├── generator.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ ├── logo.ts
│ │ │ │ │ └── open-api.test.ts
│ │ │ │ ├── organization
│ │ │ │ │ ├── access
│ │ │ │ │ │ ├── index.ts
│ │ │ │ │ │ └── statement.ts
│ │ │ │ │ ├── adapter.ts
│ │ │ │ │ ├── call.ts
│ │ │ │ │ ├── client.test.ts
│ │ │ │ │ ├── client.ts
│ │ │ │ │ ├── error-codes.ts
│ │ │ │ │ ├── has-permission.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ ├── organization-hook.test.ts
│ │ │ │ │ ├── organization.test.ts
│ │ │ │ │ ├── organization.ts
│ │ │ │ │ ├── permission.ts
│ │ │ │ │ ├── routes
│ │ │ │ │ │ ├── crud-access-control.test.ts
│ │ │ │ │ │ ├── crud-access-control.ts
│ │ │ │ │ │ ├── crud-invites.ts
│ │ │ │ │ │ ├── crud-members.test.ts
│ │ │ │ │ │ ├── crud-members.ts
│ │ │ │ │ │ ├── crud-org.test.ts
│ │ │ │ │ │ ├── crud-org.ts
│ │ │ │ │ │ └── crud-team.ts
│ │ │ │ │ ├── schema.ts
│ │ │ │ │ ├── team.test.ts
│ │ │ │ │ └── types.ts
│ │ │ │ ├── passkey
│ │ │ │ │ ├── client.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ └── passkey.test.ts
│ │ │ │ ├── phone-number
│ │ │ │ │ ├── client.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ ├── phone-number-error.ts
│ │ │ │ │ └── phone-number.test.ts
│ │ │ │ ├── siwe
│ │ │ │ │ ├── client.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ ├── schema.ts
│ │ │ │ │ ├── siwe.test.ts
│ │ │ │ │ └── types.ts
│ │ │ │ ├── two-factor
│ │ │ │ │ ├── backup-codes
│ │ │ │ │ │ └── index.ts
│ │ │ │ │ ├── client.ts
│ │ │ │ │ ├── constant.ts
│ │ │ │ │ ├── error-code.ts
│ │ │ │ │ ├── index.ts
│ │ │ │ │ ├── otp
│ │ │ │ │ │ └── index.ts
│ │ │ │ │ ├── schema.ts
│ │ │ │ │ ├── totp
│ │ │ │ │ │ └── index.ts
│ │ │ │ │ ├── two-factor.test.ts
│ │ │ │ │ ├── types.ts
│ │ │ │ │ ├── utils.ts
│ │ │ │ │ └── verify-two-factor.ts
│ │ │ │ └── username
│ │ │ │ ├── client.ts
│ │ │ │ ├── error-codes.ts
│ │ │ │ ├── index.ts
│ │ │ │ ├── schema.ts
│ │ │ │ └── username.test.ts
│ │ │ ├── social-providers
│ │ │ │ └── index.ts
│ │ │ ├── social.test.ts
│ │ │ ├── test-utils
│ │ │ │ ├── headers.ts
│ │ │ │ ├── index.ts
│ │ │ │ ├── state.ts
│ │ │ │ └── test-instance.ts
│ │ │ ├── types
│ │ │ │ ├── adapter.ts
│ │ │ │ ├── api.ts
│ │ │ │ ├── helper.ts
│ │ │ │ ├── index.ts
│ │ │ │ ├── models.ts
│ │ │ │ ├── plugins.ts
│ │ │ │ └── types.test.ts
│ │ │ └── utils
│ │ │ ├── await-object.ts
│ │ │ ├── boolean.ts
│ │ │ ├── clone.ts
│ │ │ ├── constants.ts
│ │ │ ├── date.ts
│ │ │ ├── ensure-utc.ts
│ │ │ ├── get-request-ip.ts
│ │ │ ├── hashing.ts
│ │ │ ├── hide-metadata.ts
│ │ │ ├── id.ts
│ │ │ ├── import-util.ts
│ │ │ ├── index.ts
│ │ │ ├── is-atom.ts
│ │ │ ├── is-promise.ts
│ │ │ ├── json.ts
│ │ │ ├── merger.ts
│ │ │ ├── middleware-response.ts
│ │ │ ├── misc.ts
│ │ │ ├── password.ts
│ │ │ ├── plugin-helper.ts
│ │ │ ├── shim.ts
│ │ │ ├── time.ts
│ │ │ ├── url.ts
│ │ │ └── wildcard.ts
│ │ ├── tsconfig.json
│ │ ├── tsdown.config.ts
│ │ └── vitest.config.ts
│ ├── cli
│ │ ├── CHANGELOG.md
│ │ ├── package.json
│ │ ├── README.md
│ │ ├── src
│ │ │ ├── commands
│ │ │ │ ├── generate.ts
│ │ │ │ ├── info.ts
│ │ │ │ ├── init.ts
│ │ │ │ ├── login.ts
│ │ │ │ ├── mcp.ts
│ │ │ │ ├── migrate.ts
│ │ │ │ └── secret.ts
│ │ │ ├── generators
│ │ │ │ ├── auth-config.ts
│ │ │ │ ├── drizzle.ts
│ │ │ │ ├── index.ts
│ │ │ │ ├── kysely.ts
│ │ │ │ ├── prisma.ts
│ │ │ │ └── types.ts
│ │ │ ├── index.ts
│ │ │ └── utils
│ │ │ ├── add-svelte-kit-env-modules.ts
│ │ │ ├── check-package-managers.ts
│ │ │ ├── format-ms.ts
│ │ │ ├── get-config.ts
│ │ │ ├── get-package-info.ts
│ │ │ ├── get-tsconfig-info.ts
│ │ │ └── install-dependencies.ts
│ │ ├── test
│ │ │ ├── __snapshots__
│ │ │ │ ├── auth-schema-mysql-enum.txt
│ │ │ │ ├── auth-schema-mysql-number-id.txt
│ │ │ │ ├── auth-schema-mysql-passkey-number-id.txt
│ │ │ │ ├── auth-schema-mysql-passkey.txt
│ │ │ │ ├── auth-schema-mysql.txt
│ │ │ │ ├── auth-schema-number-id.txt
│ │ │ │ ├── auth-schema-pg-enum.txt
│ │ │ │ ├── auth-schema-pg-passkey.txt
│ │ │ │ ├── auth-schema-sqlite-enum.txt
│ │ │ │ ├── auth-schema-sqlite-number-id.txt
│ │ │ │ ├── auth-schema-sqlite-passkey-number-id.txt
│ │ │ │ ├── auth-schema-sqlite-passkey.txt
│ │ │ │ ├── auth-schema-sqlite.txt
│ │ │ │ ├── auth-schema.txt
│ │ │ │ ├── migrations.sql
│ │ │ │ ├── schema-mongodb.prisma
│ │ │ │ ├── schema-mysql-custom.prisma
│ │ │ │ ├── schema-mysql.prisma
│ │ │ │ ├── schema-numberid.prisma
│ │ │ │ └── schema.prisma
│ │ │ ├── generate-all-db.test.ts
│ │ │ ├── generate.test.ts
│ │ │ ├── get-config.test.ts
│ │ │ ├── info.test.ts
│ │ │ └── migrate.test.ts
│ │ ├── tsconfig.json
│ │ ├── tsconfig.test.json
│ │ └── tsdown.config.ts
│ ├── core
│ │ ├── package.json
│ │ ├── src
│ │ │ ├── api
│ │ │ │ └── index.ts
│ │ │ ├── async_hooks
│ │ │ │ └── index.ts
│ │ │ ├── context
│ │ │ │ ├── endpoint-context.ts
│ │ │ │ ├── index.ts
│ │ │ │ └── transaction.ts
│ │ │ ├── db
│ │ │ │ ├── adapter
│ │ │ │ │ └── index.ts
│ │ │ │ ├── index.ts
│ │ │ │ ├── plugin.ts
│ │ │ │ ├── schema
│ │ │ │ │ ├── account.ts
│ │ │ │ │ ├── rate-limit.ts
│ │ │ │ │ ├── session.ts
│ │ │ │ │ ├── shared.ts
│ │ │ │ │ ├── user.ts
│ │ │ │ │ └── verification.ts
│ │ │ │ └── type.ts
│ │ │ ├── env
│ │ │ │ ├── color-depth.ts
│ │ │ │ ├── env-impl.ts
│ │ │ │ ├── index.ts
│ │ │ │ ├── logger.test.ts
│ │ │ │ └── logger.ts
│ │ │ ├── error
│ │ │ │ ├── codes.ts
│ │ │ │ └── index.ts
│ │ │ ├── index.ts
│ │ │ ├── oauth2
│ │ │ │ ├── client-credentials-token.ts
│ │ │ │ ├── create-authorization-url.ts
│ │ │ │ ├── index.ts
│ │ │ │ ├── oauth-provider.ts
│ │ │ │ ├── refresh-access-token.ts
│ │ │ │ ├── utils.ts
│ │ │ │ └── validate-authorization-code.ts
│ │ │ ├── social-providers
│ │ │ │ ├── apple.ts
│ │ │ │ ├── atlassian.ts
│ │ │ │ ├── cognito.ts
│ │ │ │ ├── discord.ts
│ │ │ │ ├── dropbox.ts
│ │ │ │ ├── facebook.ts
│ │ │ │ ├── figma.ts
│ │ │ │ ├── github.ts
│ │ │ │ ├── gitlab.ts
│ │ │ │ ├── google.ts
│ │ │ │ ├── huggingface.ts
│ │ │ │ ├── index.ts
│ │ │ │ ├── kakao.ts
│ │ │ │ ├── kick.ts
│ │ │ │ ├── line.ts
│ │ │ │ ├── linear.ts
│ │ │ │ ├── linkedin.ts
│ │ │ │ ├── microsoft-entra-id.ts
│ │ │ │ ├── naver.ts
│ │ │ │ ├── notion.ts
│ │ │ │ ├── paypal.ts
│ │ │ │ ├── reddit.ts
│ │ │ │ ├── roblox.ts
│ │ │ │ ├── salesforce.ts
│ │ │ │ ├── slack.ts
│ │ │ │ ├── spotify.ts
│ │ │ │ ├── tiktok.ts
│ │ │ │ ├── twitch.ts
│ │ │ │ ├── twitter.ts
│ │ │ │ ├── vk.ts
│ │ │ │ └── zoom.ts
│ │ │ ├── types
│ │ │ │ ├── context.ts
│ │ │ │ ├── cookie.ts
│ │ │ │ ├── helper.ts
│ │ │ │ ├── index.ts
│ │ │ │ ├── init-options.ts
│ │ │ │ ├── plugin-client.ts
│ │ │ │ └── plugin.ts
│ │ │ └── utils
│ │ │ ├── error-codes.ts
│ │ │ └── index.ts
│ │ ├── tsconfig.json
│ │ └── tsdown.config.ts
│ ├── expo
│ │ ├── CHANGELOG.md
│ │ ├── package.json
│ │ ├── README.md
│ │ ├── src
│ │ │ ├── client.ts
│ │ │ ├── expo.test.ts
│ │ │ └── index.ts
│ │ ├── tsconfig.json
│ │ └── tsdown.config.ts
│ ├── sso
│ │ ├── package.json
│ │ ├── src
│ │ │ ├── client.ts
│ │ │ ├── index.ts
│ │ │ ├── oidc.test.ts
│ │ │ └── saml.test.ts
│ │ ├── tsconfig.json
│ │ └── tsdown.config.ts
│ ├── stripe
│ │ ├── CHANGELOG.md
│ │ ├── package.json
│ │ ├── src
│ │ │ ├── client.ts
│ │ │ ├── hooks.ts
│ │ │ ├── index.ts
│ │ │ ├── schema.ts
│ │ │ ├── stripe.test.ts
│ │ │ ├── types.ts
│ │ │ └── utils.ts
│ │ ├── tsconfig.json
│ │ ├── tsdown.config.ts
│ │ └── vitest.config.ts
│ └── telemetry
│ ├── package.json
│ ├── src
│ │ ├── detectors
│ │ │ ├── detect-auth-config.ts
│ │ │ ├── detect-database.ts
│ │ │ ├── detect-framework.ts
│ │ │ ├── detect-project-info.ts
│ │ │ ├── detect-runtime.ts
│ │ │ └── detect-system-info.ts
│ │ ├── index.ts
│ │ ├── project-id.ts
│ │ ├── telemetry.test.ts
│ │ ├── types.ts
│ │ └── utils
│ │ ├── hash.ts
│ │ ├── id.ts
│ │ ├── import-util.ts
│ │ └── package-json.ts
│ ├── tsconfig.json
│ └── tsdown.config.ts
├── pnpm-lock.yaml
├── pnpm-workspace.yaml
├── README.md
├── SECURITY.md
├── tsconfig.json
└── turbo.json
```
# Files
--------------------------------------------------------------------------------
/packages/core/src/env/env-impl.ts:
--------------------------------------------------------------------------------
```typescript
/// <reference types="node" />
/// <reference types="bun" />
//https://github.com/unjs/std-env/blob/main/src/env.ts
const _envShim = Object.create(null);
export type EnvObject = Record<string, string | undefined>;
const _getEnv = (useShim?: boolean) =>
globalThis.process?.env ||
//@ts-expect-error
globalThis.Deno?.env.toObject() ||
//@ts-expect-error
globalThis.__env__ ||
(useShim ? _envShim : globalThis);
export const env = new Proxy<EnvObject>(_envShim, {
get(_, prop) {
const env = _getEnv();
return env[prop as any] ?? _envShim[prop];
},
has(_, prop) {
const env = _getEnv();
return prop in env || prop in _envShim;
},
set(_, prop, value) {
const env = _getEnv(true);
env[prop as any] = value;
return true;
},
deleteProperty(_, prop) {
if (!prop) {
return false;
}
const env = _getEnv(true);
delete env[prop as any];
return true;
},
ownKeys() {
const env = _getEnv(true);
return Object.keys(env);
},
});
function toBoolean(val: boolean | string | undefined) {
return val ? val !== "false" : false;
}
export const nodeENV =
(typeof process !== "undefined" && process.env && process.env.NODE_ENV) || "";
/** Detect if `NODE_ENV` environment variable is `production` */
export const isProduction = nodeENV === "production";
/** Detect if `NODE_ENV` environment variable is `dev` or `development` */
export const isDevelopment = nodeENV === "dev" || nodeENV === "development";
/** Detect if `NODE_ENV` environment variable is `test` */
export const isTest = () => nodeENV === "test" || toBoolean(env.TEST);
/**
* Get environment variable with fallback
*/
export function getEnvVar<Fallback extends string>(
key: string,
fallback?: Fallback,
): Fallback extends string ? string : string | undefined {
if (typeof process !== "undefined" && process.env) {
return process.env[key] ?? (fallback as any);
}
// @ts-expect-error deno
if (typeof Deno !== "undefined") {
// @ts-expect-error deno
return Deno.env.get(key) ?? (fallback as string);
}
// Handle Bun
if (typeof Bun !== "undefined") {
return Bun.env[key] ?? (fallback as string);
}
return fallback as any;
}
/**
* Get boolean environment variable
*/
export function getBooleanEnvVar(key: string, fallback = true): boolean {
const value = getEnvVar(key);
if (!value) return fallback;
return value !== "0" && value.toLowerCase() !== "false" && value !== "";
}
/**
* Common environment variables used in Better Auth
*/
export const ENV = Object.freeze({
get BETTER_AUTH_SECRET() {
return getEnvVar("BETTER_AUTH_SECRET");
},
get AUTH_SECRET() {
return getEnvVar("AUTH_SECRET");
},
get BETTER_AUTH_TELEMETRY() {
return getEnvVar("BETTER_AUTH_TELEMETRY");
},
get BETTER_AUTH_TELEMETRY_ID() {
return getEnvVar("BETTER_AUTH_TELEMETRY_ID");
},
get NODE_ENV() {
return getEnvVar("NODE_ENV", "development");
},
get PACKAGE_VERSION() {
return getEnvVar("PACKAGE_VERSION", "0.0.0");
},
get BETTER_AUTH_TELEMETRY_ENDPOINT() {
return getEnvVar(
"BETTER_AUTH_TELEMETRY_ENDPOINT",
"https://telemetry.better-auth.com/v1/track",
);
},
});
```
--------------------------------------------------------------------------------
/packages/better-auth/src/client/query.ts:
--------------------------------------------------------------------------------
```typescript
import {
BetterFetchError,
type BetterFetch,
type BetterFetchOption,
} from "@better-fetch/fetch";
import { atom, onMount, type PreinitializedWritableAtom } from "nanostores";
import type { SessionQueryParams } from "./types";
// SSR detection
const isServer = typeof window === "undefined";
export const useAuthQuery = <T>(
initializedAtom:
| PreinitializedWritableAtom<any>
| PreinitializedWritableAtom<any>[],
path: string,
$fetch: BetterFetch,
options?:
| ((value: {
data: null | T;
error: null | BetterFetchError;
isPending: boolean;
}) => BetterFetchOption)
| BetterFetchOption,
) => {
const value = atom<{
data: null | T;
error: null | BetterFetchError;
isPending: boolean;
isRefetching: boolean;
refetch: (queryParams?: { query?: SessionQueryParams }) => void;
}>({
data: null,
error: null,
isPending: true,
isRefetching: false,
refetch: (queryParams?: { query?: SessionQueryParams }) => {
return fn(queryParams);
},
});
const fn = (queryParams?: { query?: SessionQueryParams }) => {
const opts =
typeof options === "function"
? options({
data: value.get().data,
error: value.get().error,
isPending: value.get().isPending,
})
: options;
$fetch<T>(path, {
...opts,
query: {
...opts?.query,
...queryParams?.query,
},
async onSuccess(context) {
value.set({
data: context.data,
error: null,
isPending: false,
isRefetching: false,
refetch: value.value.refetch,
});
await opts?.onSuccess?.(context);
},
async onError(context) {
const { request } = context;
const retryAttempts =
typeof request.retry === "number"
? request.retry
: request.retry?.attempts;
const retryAttempt = request.retryAttempt || 0;
if (retryAttempts && retryAttempt < retryAttempts) return;
value.set({
error: context.error,
data: null,
isPending: false,
isRefetching: false,
refetch: value.value.refetch,
});
await opts?.onError?.(context);
},
async onRequest(context) {
const currentValue = value.get();
value.set({
isPending: currentValue.data === null,
data: currentValue.data,
error: null,
isRefetching: true,
refetch: value.value.refetch,
});
await opts?.onRequest?.(context);
},
}).catch((error) => {
value.set({
error,
data: null,
isPending: false,
isRefetching: false,
refetch: value.value.refetch,
});
});
};
initializedAtom = Array.isArray(initializedAtom)
? initializedAtom
: [initializedAtom];
let isMounted = false;
for (const initAtom of initializedAtom) {
initAtom.subscribe(() => {
if (isServer) {
// On server, don't trigger fetch
return;
}
if (isMounted) {
fn();
} else {
onMount(value, () => {
const timeoutId = setTimeout(() => {
if (!isMounted) {
fn();
isMounted = true;
}
}, 0);
return () => {
value.off();
initAtom.off();
clearTimeout(timeoutId);
};
});
}
});
}
return value;
};
```
--------------------------------------------------------------------------------
/packages/better-auth/src/adapters/kysely-adapter/dialect.ts:
--------------------------------------------------------------------------------
```typescript
import { Kysely, MssqlDialect } from "kysely";
import {
type Dialect,
MysqlDialect,
PostgresDialect,
SqliteDialect,
} from "kysely";
import type { BetterAuthOptions } from "@better-auth/core";
import type { KyselyDatabaseType } from "./types";
export function getKyselyDatabaseType(
db: BetterAuthOptions["database"],
): KyselyDatabaseType | null {
if (!db) {
return null;
}
if ("dialect" in db) {
return getKyselyDatabaseType(db.dialect as Dialect);
}
if ("createDriver" in db) {
if (db instanceof SqliteDialect) {
return "sqlite";
}
if (db instanceof MysqlDialect) {
return "mysql";
}
if (db instanceof PostgresDialect) {
return "postgres";
}
if (db instanceof MssqlDialect) {
return "mssql";
}
}
if ("aggregate" in db) {
return "sqlite";
}
if ("getConnection" in db) {
return "mysql";
}
if ("connect" in db) {
return "postgres";
}
if ("fileControl" in db) {
return "sqlite";
}
if ("open" in db && "close" in db && "prepare" in db) {
return "sqlite";
}
return null;
}
export const createKyselyAdapter = async (config: BetterAuthOptions) => {
const db = config.database;
if (!db) {
return {
kysely: null,
databaseType: null,
transaction: undefined,
};
}
if ("db" in db) {
return {
kysely: db.db,
databaseType: db.type,
transaction: db.transaction,
};
}
if ("dialect" in db) {
return {
kysely: new Kysely<any>({ dialect: db.dialect }),
databaseType: db.type,
transaction: db.transaction,
};
}
let dialect: Dialect | undefined = undefined;
const databaseType = getKyselyDatabaseType(db);
if ("createDriver" in db) {
dialect = db;
}
if ("aggregate" in db && !("createSession" in db)) {
dialect = new SqliteDialect({
database: db,
});
}
if ("getConnection" in db) {
// @ts-expect-error - mysql2/promise
dialect = new MysqlDialect(db);
}
if ("connect" in db) {
dialect = new PostgresDialect({
pool: db,
});
}
if ("fileControl" in db) {
const { BunSqliteDialect } = await import("./bun-sqlite-dialect");
dialect = new BunSqliteDialect({
database: db,
});
}
if ("createSession" in db && typeof window === "undefined") {
let DatabaseSync: typeof import("node:sqlite").DatabaseSync | undefined =
undefined;
try {
let nodeSqlite: string = "node:sqlite";
// Ignore both Vite and Webpack for dynamic import as they both try to pre-bundle 'node:sqlite' which might fail
// It's okay because we are in a try-catch block
({ DatabaseSync } = await import(
/* @vite-ignore */
/* webpackIgnore: true */
nodeSqlite
));
} catch (error: unknown) {
if (
error !== null &&
typeof error === "object" &&
"code" in error &&
error.code !== "ERR_UNKNOWN_BUILTIN_MODULE"
) {
throw error;
}
}
if (DatabaseSync && db instanceof DatabaseSync) {
const { NodeSqliteDialect } = await import("./node-sqlite-dialect");
dialect = new NodeSqliteDialect({
database: db,
});
}
}
return {
kysely: dialect ? new Kysely<any>({ dialect }) : null,
databaseType,
transaction: undefined,
};
};
```
--------------------------------------------------------------------------------
/packages/better-auth/src/db/secondary-storage.test.ts:
--------------------------------------------------------------------------------
```typescript
import { beforeEach, describe, expect, it } from "vitest";
import { getTestInstance } from "../test-utils/test-instance";
import { safeJSONParse } from "../utils/json";
describe("secondary storage - get returns JSON string", async () => {
let store = new Map<string, string>();
const { client, signInWithTestUser } = await getTestInstance({
secondaryStorage: {
set(key, value, ttl) {
store.set(key, value);
},
get(key) {
return store.get(key) || null;
},
delete(key) {
store.delete(key);
},
},
rateLimit: {
enabled: false,
},
});
beforeEach(() => {
store.clear();
});
it("should work end-to-end with string return", async () => {
expect(store.size).toBe(0);
const { headers } = await signInWithTestUser();
expect(store.size).toBe(2);
const s1 = await client.getSession({
fetchOptions: { headers },
});
expect(s1.data).toMatchObject({
session: {
userId: expect.any(String),
token: expect.any(String),
expiresAt: expect.any(Date),
ipAddress: expect.any(String),
userAgent: expect.any(String),
},
user: {
id: expect.any(String),
name: "test user",
email: "[email protected]",
emailVerified: false,
image: null,
createdAt: expect.any(Date),
updatedAt: expect.any(Date),
},
});
const list = await client.listSessions({ fetchOptions: { headers } });
expect(list.data?.length).toBe(1);
const token = s1.data!.session.token;
const revoke = await client.revokeSession({
fetchOptions: { headers },
token,
});
expect(revoke.data?.status).toBe(true);
const after = await client.getSession({ fetchOptions: { headers } });
expect(after.data).toBeNull();
expect(store.size).toBe(0);
});
});
describe("secondary storage - get returns already-parsed object", async () => {
let store = new Map<string, any>();
const { client, signInWithTestUser } = await getTestInstance({
secondaryStorage: {
set(key, value, ttl) {
store.set(key, safeJSONParse(value));
},
get(key) {
return store.get(key);
},
delete(key) {
store.delete(key);
},
},
rateLimit: {
enabled: false,
},
});
beforeEach(() => {
store.clear();
});
it("should work end-to-end with object return", async () => {
const { headers } = await signInWithTestUser();
const s1 = await client.getSession({ fetchOptions: { headers } });
expect(s1.data).not.toBeNull();
const userId = s1.data!.session.userId;
const activeList = store.get(`active-sessions-${userId}`);
expect(Array.isArray(activeList)).toBe(true);
expect(activeList.length).toBe(1);
const list = await client.listSessions({ fetchOptions: { headers } });
expect(list.data?.length).toBe(1);
const token = s1.data!.session.token;
const revoke = await client.revokeSession({
fetchOptions: { headers },
token,
});
expect(revoke.data?.status).toBe(true);
const after = await client.getSession({ fetchOptions: { headers } });
expect(after.data).toBeNull();
const activeAfter = store.get(`active-sessions-${userId}`);
expect(activeAfter ?? null).toBeNull();
});
});
```
--------------------------------------------------------------------------------
/packages/core/src/types/plugin.ts:
--------------------------------------------------------------------------------
```typescript
import type { Migration } from "kysely";
import type { AuthContext } from "./context";
import type {
Endpoint,
EndpointContext,
InputContext,
Middleware,
} from "better-call";
import type { BetterAuthPluginDBSchema } from "../db";
import type { LiteralString } from "./helper";
import type { BetterAuthOptions } from "./init-options";
import type { AuthMiddleware } from "../api";
type Awaitable<T> = T | Promise<T>;
type DeepPartial<T> = T extends Function
? T
: T extends object
? { [K in keyof T]?: DeepPartial<T[K]> }
: T;
export type HookEndpointContext = Partial<
EndpointContext<string, any> & Omit<InputContext<string, any>, "method">
> & {
path: string;
context: AuthContext & {
returned?: unknown;
responseHeaders?: Headers;
};
headers?: Headers | undefined;
};
export type BetterAuthPlugin = {
id: LiteralString;
/**
* The init function is called when the plugin is initialized.
* You can return a new context or modify the existing context.
*/
init?: (ctx: AuthContext) =>
| Awaitable<{
context?: DeepPartial<Omit<AuthContext, "options">>;
options?: Partial<BetterAuthOptions>;
}>
| void
| Promise<void>;
endpoints?: {
[key: string]: Endpoint;
};
middlewares?: {
path: string;
middleware: Middleware;
}[];
onRequest?: (
request: Request,
ctx: AuthContext,
) => Promise<
| {
response: Response;
}
| {
request: Request;
}
| void
>;
onResponse?: (
response: Response,
ctx: AuthContext,
) => Promise<{
response: Response;
} | void>;
hooks?: {
before?: {
matcher: (context: HookEndpointContext) => boolean;
handler: AuthMiddleware;
}[];
after?: {
matcher: (context: HookEndpointContext) => boolean;
handler: AuthMiddleware;
}[];
};
/**
* Schema the plugin needs
*
* This will also be used to migrate the database. If the fields are dynamic from the plugins
* configuration each time the configuration is changed a new migration will be created.
*
* NOTE: If you want to create migrations manually using
* migrations option or any other way you
* can disable migration per table basis.
*
* @example
* ```ts
* schema: {
* user: {
* fields: {
* email: {
* type: "string",
* },
* emailVerified: {
* type: "boolean",
* defaultValue: false,
* },
* },
* }
* } as AuthPluginSchema
* ```
*/
schema?: BetterAuthPluginDBSchema;
/**
* The migrations of the plugin. If you define schema that will automatically create
* migrations for you.
*
* ⚠️ Only uses this if you dont't want to use the schema option and you disabled migrations for
* the tables.
*/
migrations?: Record<string, Migration>;
/**
* The options of the plugin
*/
options?: Record<string, any> | undefined;
/**
* types to be inferred
*/
$Infer?: Record<string, any>;
/**
* The rate limit rules to apply to specific paths.
*/
rateLimit?: {
window: number;
max: number;
pathMatcher: (path: string) => boolean;
}[];
/**
* The error codes returned by the plugin
*/
$ERROR_CODES?: Record<string, string>;
};
```
--------------------------------------------------------------------------------
/docs/content/docs/plugins/open-api.mdx:
--------------------------------------------------------------------------------
```markdown
---
title: Open API
description: Open API reference for Better Auth.
---
This is a plugin that provides an Open API reference for Better Auth. It shows all endpoints added by plugins and the core. It also provides a way to test the endpoints. It uses [Scalar](https://scalar.com/) to display the Open API reference.
<Callout>
This plugin is still in the early stages of development. We are working on adding more features to it and filling in the gaps.
</Callout>
## Installation
<Steps>
<Step>
### Add the plugin to your **auth** config
```ts title="auth.ts"
import { betterAuth } from "better-auth"
import { openAPI } from "better-auth/plugins"
export const auth = betterAuth({
plugins: [ // [!code highlight]
openAPI(), // [!code highlight]
] // [!code highlight]
})
```
</Step>
<Step>
### Navigate to `/api/auth/reference` to view the Open API reference
Each plugin endpoints are grouped by the plugin name. The core endpoints are grouped under the `Default` group. And Model schemas are grouped under the `Models` group.
</Step>
</Steps>
## Usage
The Open API reference is generated using the [OpenAPI 3.0](https://swagger.io/specification/) specification. You can use the reference to generate client libraries, documentation, and more.
The reference is generated using the [Scalar](https://scalar.com/) library. Scalar provides a way to view and test the endpoints. You can test the endpoints by clicking on the `Try it out` button and providing the required parameters.
### Generated Schema
To get the generated Open API schema directly as JSON, you can do `auth.api.generateOpenAPISchema()`. This will return the Open API schema as a JSON object.
```ts
import { auth } from "~/lib/auth"
const openAPISchema = await auth.api.generateOpenAPISchema()
console.log(openAPISchema)
```
### Using Scalar with Multiple Sources
If you're using Scalar for your API documentation, you can add Better Auth as an additional source alongside your main API:
When using Hono with Scalar for OpenAPI documentation, you can integrate Better Auth by adding it as a source:
```ts
app.get("/docs", Scalar({
pageTitle: "API Documentation",
sources: [
{ url: "/api/open-api", title: "API" },
// Better Auth schema generation endpoint
{ url: "/api/auth/open-api/generate-schema", title: "Auth" },
],
}));
```
## Configuration
`path` - The path where the Open API reference is served. Default is `/api/auth/reference`. You can change it to any path you like, but keep in mind that it will be appended to the base path of your auth server.
`disableDefaultReference` - If set to `true`, the default Open API reference UI by Scalar will be disabled. Default is `false`.
This allows you to display both your application's API and Better Auth's authentication endpoints in a unified documentation interface.
`theme` - Allows you to change the theme of the OpenAPI reference page. Default is `default`.
```
--------------------------------------------------------------------------------
/demo/nextjs/components/ui/tabs2.tsx:
--------------------------------------------------------------------------------
```typescript
"use client";
import { useState } from "react";
import { motion } from "framer-motion";
import { cn } from "@/lib/utils";
type Tab = {
title: string;
value: string;
content?: string | React.ReactNode | any;
};
export const Tabs = ({
tabs: propTabs,
containerClassName,
activeTabClassName,
tabClassName,
contentClassName,
}: {
tabs: Tab[];
containerClassName?: string;
activeTabClassName?: string;
tabClassName?: string;
contentClassName?: string;
}) => {
const [active, setActive] = useState<Tab>(propTabs[0]);
const [tabs, setTabs] = useState<Tab[]>(propTabs);
const moveSelectedTabToTop = (idx: number) => {
const newTabs = [...propTabs];
const selectedTab = newTabs.splice(idx, 1);
newTabs.unshift(selectedTab[0]);
setTabs(newTabs);
setActive(newTabs[0]);
};
const [hovering, setHovering] = useState(false);
return (
<>
<div
className={cn(
"flex flex-row items-center justify-start mt-0 perspective-[1000px] relative overflow-auto sm:overflow-visible no-visible-scrollbar border-x w-full border-t max-w-max bg-opacity-0",
containerClassName,
)}
>
{propTabs.map((tab, idx) => (
<button
key={tab.title}
onClick={() => {
moveSelectedTabToTop(idx);
}}
onMouseEnter={() => setHovering(true)}
onMouseLeave={() => setHovering(false)}
className={cn(
"relative px-4 py-2 rounded-full opacity-80 hover:opacity-100",
tabClassName,
)}
style={{
transformStyle: "preserve-3d",
}}
>
{active.value === tab.value && (
<motion.div
transition={{
duration: 0.2,
delay: 0.1,
type: "keyframes",
}}
animate={{
x: tabs.indexOf(tab) === 0 ? [0, 0, 0] : [0, 0, 0],
}}
className={cn(
"absolute inset-0 bg-gray-200 dark:bg-zinc-900/90 opacity-100",
activeTabClassName,
)}
/>
)}
<span
className={cn(
"relative block text-black dark:text-white",
active.value === tab.value
? "text-opacity-100 font-medium"
: "opacity-40 ",
)}
>
{tab.title}
</span>
</button>
))}
</div>
<FadeInDiv
tabs={tabs}
active={active}
key={active.value}
hovering={hovering}
className={cn("", contentClassName)}
/>
</>
);
};
export const FadeInDiv = ({
className,
tabs,
}: {
className?: string;
key?: string;
tabs: Tab[];
active: Tab;
hovering?: boolean;
}) => {
const isActive = (tab: Tab) => {
return tab.value === tabs[0].value;
};
return (
<div className="relative w-full h-full">
{tabs.map((tab, idx) => (
<motion.div
key={tab.value}
style={{
scale: 1 - idx * 0.1,
zIndex: -idx,
opacity: idx < 3 ? 1 - idx * 0.1 : 0,
}}
animate={{
transition: {
duration: 0.2,
delay: 0.1,
type: "keyframes",
},
}}
className={cn(
"w-full h-full",
isActive(tab) ? "" : "hidden",
className,
)}
>
{tab.content}
</motion.div>
))}
</div>
);
};
```
--------------------------------------------------------------------------------
/docs/components/markdown-renderer.tsx:
--------------------------------------------------------------------------------
```typescript
"use client";
import ReactMarkdown from "react-markdown";
import remarkGfm from "remark-gfm";
import rehypeHighlight from "rehype-highlight";
import "highlight.js/styles/dark.css";
import { Pre } from "fumadocs-ui/components/codeblock";
interface MarkdownRendererProps {
content: string;
className?: string;
}
export function MarkdownRenderer({
content,
className = "",
}: MarkdownRendererProps) {
return (
<div className={`markdown-content px-2 ${className}`}>
<ReactMarkdown
remarkPlugins={[remarkGfm]}
rehypePlugins={[[rehypeHighlight]]}
components={{
pre: (props) => (
<div className="my-4 max-w-full overflow-hidden">
<Pre {...props} />
</div>
),
code: ({ className, children, ...props }: any) => {
const isInline = !className?.includes("language-");
if (isInline) {
return (
<code
className="bg-muted px-1.5 py-0.5 rounded text-xs font-mono"
{...props}
>
{children}
</code>
);
}
return (
<code className={className} {...props}>
{children}
</code>
);
},
h1: ({ children }) => (
<h1 className="text-lg font-bold mt-6 mb-3 first:mt-0">
{children}
</h1>
),
h2: ({ children }) => (
<h2 className="text-base font-semibold mt-5 mb-3">{children}</h2>
),
h3: ({ children }) => (
<h3 className="text-sm font-semibold mt-4 mb-2">{children}</h3>
),
h4: ({ children }) => (
<h4 className="text-sm font-medium mt-3 mb-2">{children}</h4>
),
h5: ({ children }) => (
<h5 className="text-xs font-medium mt-3 mb-2">{children}</h5>
),
h6: ({ children }) => (
<h6 className="text-xs font-medium mt-3 mb-2">{children}</h6>
),
p: ({ children }) => (
<p className="text-sm leading-relaxed mb-3 last:mb-0">{children}</p>
),
a: ({ href, children }) => (
<a
href={href}
target="_blank"
rel="noopener noreferrer"
className="text-primary underline hover:text-primary/80 text-sm transition-colors"
>
{children}
</a>
),
blockquote: ({ children }) => (
<blockquote className="border-l-4 border-muted-foreground/20 pl-4 my-4 text-sm italic">
{children}
</blockquote>
),
table: ({ children }) => (
<div className="overflow-x-auto my-4 max-w-full">
<table className="min-w-full text-sm border-collapse border border-border">
{children}
</table>
</div>
),
th: ({ children }) => (
<th className="border border-border px-2 py-1 bg-muted text-left font-medium">
{children}
</th>
),
td: ({ children }) => (
<td className="border border-border px-2 py-1">{children}</td>
),
hr: () => <hr className="my-6 border-border" />,
strong: ({ children }) => (
<strong className="font-semibold">{children}</strong>
),
em: ({ children }) => <em className="italic">{children}</em>,
}}
>
{content}
</ReactMarkdown>
</div>
);
}
```
--------------------------------------------------------------------------------
/packages/better-auth/tsdown.config.ts:
--------------------------------------------------------------------------------
```typescript
import { defineConfig } from "tsdown";
export default defineConfig({
dts: true,
format: ["esm", "cjs"],
entry: [
"./src/index.ts",
"./src/social-providers/index.ts",
"./src/client/index.ts",
"./src/client/plugins/index.ts",
"./src/types/index.ts",
"./src/crypto/index.ts",
"./src/cookies/index.ts",
"./src/adapters/prisma-adapter/index.ts",
"./src/adapters/drizzle-adapter/index.ts",
"./src/adapters/mongodb-adapter/index.ts",
"./src/adapters/kysely-adapter/index.ts",
"./src/adapters/memory-adapter/index.ts",
"./src/adapters/test.ts",
"./src/adapters/index.ts",
"./src/db/index.ts",
"./src/oauth2/index.ts",
"./src/client/react/index.ts",
"./src/client/vue/index.ts",
"./src/client/svelte/index.ts",
"./src/client/solid/index.ts",
"./src/client/lynx/index.ts",
"./src/plugins/index.ts",
"./src/plugins/access/index.ts",
"./src/api/index.ts",
"./src/integrations/svelte-kit.ts",
"./src/integrations/solid-start.ts",
"./src/integrations/next-js.ts",
"./src/integrations/react-start.ts",
"./src/integrations/node.ts",
"./src/plugins/admin/index.ts",
"./src/plugins/admin/access/index.ts",
"./src/plugins/anonymous/index.ts",
"./src/plugins/bearer/index.ts",
"./src/plugins/captcha/index.ts",
"./src/plugins/custom-session/index.ts",
"./src/plugins/device-authorization/index.ts",
"./src/plugins/email-otp/index.ts",
"./src/plugins/generic-oauth/index.ts",
"./src/plugins/jwt/index.ts",
"./src/plugins/magic-link/index.ts",
"./src/plugins/multi-session/index.ts",
"./src/plugins/one-tap/index.ts",
"./src/plugins/open-api/index.ts",
"./src/plugins/oidc-provider/index.ts",
"./src/plugins/oauth-proxy/index.ts",
"./src/plugins/organization/index.ts",
"./src/plugins/organization/access/index.ts",
"./src/plugins/passkey/index.ts",
"./src/plugins/phone-number/index.ts",
"./src/plugins/two-factor/index.ts",
"./src/plugins/username/index.ts",
"./src/plugins/haveibeenpwned/index.ts",
"./src/plugins/one-time-token/index.ts",
"./src/plugins/siwe/index.ts",
"./src/test-utils/index.ts",
],
external: [
"prisma",
"@prisma/client",
"better-sqlite3",
"react",
"vue",
"solid-js",
"solid-js/store",
"next/headers",
"$app/environment",
"vitest",
"@vitest/runner",
"@vitest/utils",
"@vitest/expect",
"@vitest/snapshot",
"@vitest/spy",
"chai",
"mongodb",
"drizzle-orm",
"pathe",
"std-env",
"magic-string",
"pretty-format",
"p-limit",
"tinyspy",
"next/dist/compiled/@edge-runtime/cookies",
"@tanstack/react-start",
"@tanstack/start-server-core",
"bson",
"mongodb-connection-string-url",
"@mongodb-js/saslprep",
"kerberos",
"@mongodb-js/zstd",
"nanostores",
"@aws-sdk/credential-providers",
"mongodb-client-encryption",
"@vue/runtime-dom",
"@vue/runtime-core",
"@vue/shared",
"@vue/reactivity",
"@vue/compiler-dom",
"@vue/compiler-core",
"@babel/types",
"@babel/parser",
"punycode",
"@sveltejs/kit",
"svelte/compiler",
"@sveltejs/vite-plugin-svelte",
"csstype",
"siwe",
"@lynx-js/react",
],
treeshake: true,
clean: true,
});
```
--------------------------------------------------------------------------------
/docs/components/anchor-scroll-fix.tsx:
--------------------------------------------------------------------------------
```typescript
"use client";
import { useEffect, useRef } from "react";
export function AnchorScroll() {
const scrollTimeoutRef = useRef<NodeJS.Timeout | undefined>(undefined);
const isScrollingRef = useRef(false);
useEffect(() => {
function calculateScrollOffset() {
const root = document.documentElement;
const navHeight = parseInt(
getComputedStyle(root).getPropertyValue("--fd-nav-height") || "56",
);
const bannerHeight = parseInt(
getComputedStyle(root).getPropertyValue("--fd-banner-height") || "0",
);
const tocnavHeight = parseInt(
getComputedStyle(root).getPropertyValue("--fd-tocnav-height") || "0",
);
return navHeight + bannerHeight + tocnavHeight + 24;
}
function smoothScrollToElement(element: HTMLElement) {
if (isScrollingRef.current) return;
isScrollingRef.current = true;
document.documentElement.setAttribute("data-anchor-scrolling", "true");
const elementRect = element.getBoundingClientRect();
const scrollOffset = calculateScrollOffset();
const targetPosition =
window.pageYOffset + elementRect.top - scrollOffset;
// Simple smooth scroll animation
const startPosition = window.pageYOffset;
const distance = targetPosition - startPosition;
const duration = Math.min(500, Math.abs(distance) * 0.3);
const startTime = performance.now();
function animateScroll(currentTime: number) {
const elapsed = currentTime - startTime;
const progress = Math.min(elapsed / duration, 1);
const easeOutCubic = (t: number) => 1 - Math.pow(1 - t, 3);
const currentPosition =
startPosition + distance * easeOutCubic(progress);
window.scrollTo(0, currentPosition);
if (progress < 1) {
requestAnimationFrame(animateScroll);
} else {
document.documentElement.removeAttribute("data-anchor-scrolling");
isScrollingRef.current = false;
}
}
requestAnimationFrame(animateScroll);
}
function handleAnchorScroll() {
if (window.location.hash) {
const element = document.getElementById(window.location.hash.slice(1));
if (element) {
scrollTimeoutRef.current = setTimeout(
() => smoothScrollToElement(element),
100,
);
}
}
}
function handleHashChange() {
const element = document.getElementById(window.location.hash.slice(1));
if (element) smoothScrollToElement(element);
}
function handleAnchorClick(event: Event) {
const link = (event.target as HTMLElement).closest(
'a[href^="#"]',
) as HTMLAnchorElement;
if (link?.hash) {
event.preventDefault();
const element = document.getElementById(link.hash.slice(1));
if (element) {
history.pushState(null, "", link.hash);
smoothScrollToElement(element);
}
}
}
handleAnchorScroll();
window.addEventListener("hashchange", handleHashChange);
document.addEventListener("click", handleAnchorClick);
return () => {
if (scrollTimeoutRef.current) clearTimeout(scrollTimeoutRef.current);
window.removeEventListener("hashchange", handleHashChange);
document.removeEventListener("click", handleAnchorClick);
};
}, []);
return null;
}
```
--------------------------------------------------------------------------------
/docs/content/docs/authentication/tiktok.mdx:
--------------------------------------------------------------------------------
```markdown
---
title: TikTok
description: TikTok provider setup and usage.
---
<Steps>
<Step>
### Get your TikTok Credentials
To integrate with TikTok, you need to obtain API credentials by creating an application in the [TikTok Developer Portal](https://developers.tiktok.com/apps).
Follow these steps:
1. Create an account on the TikTok Developer Portal
2. Create a new application
3. Set up a sandbox environment for testing
4. Configure your redirect URL (must be HTTPS)
5. Note your Client Secret and Client Key
<Callout type="info">
- The TikTok API does not work with localhost. You need to use a public domain for the redirect URL and HTTPS for local testing. You can use [NGROK](https://ngrok.com/) or another similar tool for this.
- For testing, you will need to use the [Sandbox mode](https://developers.tiktok.com/blog/introducing-sandbox), which you can enable in the TikTok Developer Portal.
- The default scope is `user.info.profile`. For additional scopes, refer to the [Available Scopes](https://developers.tiktok.com/doc/tiktok-api-scopes/) documentation.
</Callout>
Make sure to set the redirect URL to a valid HTTPS domain for local development. For production, you should set it to the URL of your application. If you change the base path of the auth routes, you should update the redirect URL accordingly.
<Callout type="info">
- The TikTok API does not provide email addresses. As a workaround, this implementation uses the user's `username` value for the `email` field, which is why it requires the `user.info.profile` scope instead of just `user.info.basic`.
- For production use, you will need to request approval from TikTok for the scopes you intend to use.
</Callout>
</Step>
<Step>
### Configure the provider
To configure the provider, you need to import the provider and pass it to the `socialProviders` option of the auth instance.
```ts title="auth.ts"
import { betterAuth } from "better-auth"
export const auth = betterAuth({
socialProviders: {
tiktok: { // [!code highlight]
clientSecret: process.env.TIKTOK_CLIENT_SECRET as string, // [!code highlight]
clientKey: process.env.TIKTOK_CLIENT_KEY as string, // [!code highlight]
}, // [!code highlight]
},
})
```
</Step>
<Step>
### Sign In with TikTok
To sign in with TikTok, you can use the `signIn.social` function provided by the client. The `signIn` function takes an object with the following properties:
- `provider`: The provider to use. It should be set to `tiktok`.
```ts title="auth-client.ts"
import { createAuthClient } from "better-auth/client"
const authClient = createAuthClient()
const signIn = async () => {
const data = await authClient.signIn.social({
provider: "tiktok"
})
}
```
</Step>
</Steps>
```
--------------------------------------------------------------------------------
/demo/nextjs/app/apps/register/page.tsx:
--------------------------------------------------------------------------------
```typescript
"use client";
import { useState } from "react";
import { useRouter } from "next/navigation";
import {
Card,
CardContent,
CardDescription,
CardHeader,
CardTitle,
} from "@/components/ui/card";
import { Input } from "@/components/ui/input";
import { Label } from "@/components/ui/label";
import { Button } from "@/components/ui/button";
import { AlertCircle, Loader2 } from "lucide-react";
import { Alert, AlertDescription, AlertTitle } from "@/components/ui/alert";
import { client } from "@/lib/auth-client";
export default function RegisterOAuthClient() {
const [name, setName] = useState("");
const [logo, setLogo] = useState<File | null>(null);
const [redirectUri, setRedirectUri] = useState("");
const [isSubmitting, setIsSubmitting] = useState(false);
const [error, setError] = useState<string | null>(null);
const router = useRouter();
const handleSubmit = async (e: React.FormEvent) => {
e.preventDefault();
setIsSubmitting(true);
setError(null);
if (!name || !logo || !redirectUri) {
setError("All fields are required");
setIsSubmitting(false);
return;
}
const res = await client.oauth2.register({
client_name: name,
redirect_uris: [redirectUri],
});
setIsSubmitting(false);
};
return (
<div className="container mx-auto py-10">
<Card className="max-w-md mx-auto">
<CardHeader>
<CardTitle>Register OAuth Client</CardTitle>
<CardDescription>
Provide details to register a new OAuth client as a provider.
</CardDescription>
</CardHeader>
<CardContent>
<form onSubmit={handleSubmit} className="space-y-4">
<div className="space-y-2">
<Label htmlFor="name">Name</Label>
<Input
id="name"
value={name}
onChange={(e) => setName(e.target.value)}
placeholder="Enter client name"
/>
</div>
<div className="space-y-2">
<Label htmlFor="logo">Logo</Label>
<Input
id="logo"
type="file"
onChange={(e) => setLogo(e.target.files?.[0] || null)}
accept="image/*"
/>
</div>
<div className="space-y-2">
<Label htmlFor="redirectUri">Redirect URI</Label>
<Input
id="redirectUri"
value={redirectUri}
onChange={(e) => setRedirectUri(e.target.value)}
placeholder="https://your-app.com/callback"
/>
</div>
{error && (
<Alert variant="destructive">
<AlertCircle className="h-4 w-4" />
<AlertTitle>Error</AlertTitle>
<AlertDescription>{error}</AlertDescription>
</Alert>
)}
<Button type="submit" className="w-full" disabled={isSubmitting}>
{isSubmitting ? (
<>
<Loader2 className="mr-2 h-4 w-4 animate-spin" />
Registering...
</>
) : (
"Register Client"
)}
</Button>
</form>
</CardContent>
</Card>
</div>
);
}
async function convertImageToBase64(file: File): Promise<string> {
return new Promise((resolve, reject) => {
const reader = new FileReader();
reader.onloadend = () => resolve(reader.result as string);
reader.onerror = reject;
reader.readAsDataURL(file);
});
}
```
--------------------------------------------------------------------------------
/packages/core/src/social-providers/atlassian.ts:
--------------------------------------------------------------------------------
```typescript
import { betterFetch } from "@better-fetch/fetch";
import { BetterAuthError } from "../error";
import type { OAuthProvider, ProviderOptions } from "../oauth2";
import { createAuthorizationURL, validateAuthorizationCode } from "../oauth2";
import { logger } from "../env";
import { refreshAccessToken } from "../oauth2";
export interface AtlassianProfile {
account_type?: string;
account_id: string;
email?: string;
name: string;
picture?: string;
nickname?: string;
locale?: string;
extended_profile?: {
job_title?: string;
organization?: string;
department?: string;
location?: string;
};
}
export interface AtlassianOptions extends ProviderOptions<AtlassianProfile> {
clientId: string;
}
export const atlassian = (options: AtlassianOptions) => {
return {
id: "atlassian",
name: "Atlassian",
async createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }) {
if (!options.clientId || !options.clientSecret) {
logger.error("Client Id and Secret are required for Atlassian");
throw new BetterAuthError("CLIENT_ID_AND_SECRET_REQUIRED");
}
if (!codeVerifier) {
throw new BetterAuthError("codeVerifier is required for Atlassian");
}
const _scopes = options.disableDefaultScope
? []
: ["read:jira-user", "offline_access"];
options.scope && _scopes.push(...options.scope);
scopes && _scopes.push(...scopes);
return createAuthorizationURL({
id: "atlassian",
options,
authorizationEndpoint: "https://auth.atlassian.com/authorize",
scopes: _scopes,
state,
codeVerifier,
redirectURI,
additionalParams: {
audience: "api.atlassian.com",
},
prompt: options.prompt,
});
},
validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
return validateAuthorizationCode({
code,
codeVerifier,
redirectURI,
options,
tokenEndpoint: "https://auth.atlassian.com/oauth/token",
});
},
refreshAccessToken: options.refreshAccessToken
? options.refreshAccessToken
: async (refreshToken) => {
return refreshAccessToken({
refreshToken,
options: {
clientId: options.clientId,
clientSecret: options.clientSecret,
},
tokenEndpoint: "https://auth.atlassian.com/oauth/token",
});
},
async getUserInfo(token) {
if (options.getUserInfo) {
return options.getUserInfo(token);
}
if (!token.accessToken) {
return null;
}
try {
const { data: profile } = await betterFetch<{
account_id: string;
name: string;
email?: string;
picture?: string;
}>("https://api.atlassian.com/me", {
headers: { Authorization: `Bearer ${token.accessToken}` },
});
if (!profile) return null;
const userMap = await options.mapProfileToUser?.(profile);
return {
user: {
id: profile.account_id,
name: profile.name,
email: profile.email,
image: profile.picture,
emailVerified: false,
...userMap,
},
data: profile,
};
} catch (error) {
logger.error("Failed to fetch user info from Figma:", error);
return null;
}
},
options,
} satisfies OAuthProvider<AtlassianProfile>;
};
```
--------------------------------------------------------------------------------
/docs/content/docs/concepts/cookies.mdx:
--------------------------------------------------------------------------------
```markdown
---
title: Cookies
description: Learn how cookies are used in Better Auth.
---
Cookies are used to store data such as session tokens, OAuth state, and more. All cookies are signed using the `secret` key provided in the auth options.
### Cookie Prefix
By default, Better Auth cookies follow the format `${prefix}.${cookie_name}`. The default prefix is "better-auth". You can change the prefix by setting `cookiePrefix` in the `advanced` object of the auth options.
```ts title="auth.ts"
import { betterAuth } from "better-auth"
export const auth = betterAuth({
advanced: {
cookiePrefix: "my-app"
}
})
```
### Custom Cookies
All cookies are `httpOnly` and `secure` when the server is running in production mode.
If you want to set custom cookie names and attributes, you can do so by setting `cookieOptions` in the `advanced` object of the auth options.
By default, Better Auth uses the following cookies:
- `session_token` to store the session token
- `session_data` to store the session data if cookie cache is enabled
- `dont_remember` to store the flag when `rememberMe` is disabled
Plugins may also use cookies to store data. For example, the Two Factor Authentication plugin uses the `two_factor` cookie to store the two-factor authentication state.
```ts title="auth.ts"
import { betterAuth } from "better-auth"
export const auth = betterAuth({
advanced: {
cookies: {
session_token: {
name: "custom_session_token",
attributes: {
// Set custom cookie attributes
}
},
}
}
})
```
### Cross Subdomain Cookies
Sometimes you may need to share cookies across subdomains.
For example, if you authenticate on `auth.example.com`, you may also want to access the same session on `app.example.com`.
<Callout type="warn">
The `domain` attribute controls which domains can access the cookie. Setting it to your root domain (e.g. `example.com`) makes the cookie accessible across all subdomains. For security, follow these guidelines:
1. Only enable cross-subdomain cookies if it's necessary
2. Set the domain to the most specific scope needed (e.g. `app.example.com` instead of `.example.com`)
3. Be cautious of untrusted subdomains that could potentially access these cookies
4. Consider using separate domains for untrusted services (e.g. `status.company.com` vs `app.company.com`)
</Callout>
```ts title="auth.ts"
import { betterAuth } from "better-auth"
export const auth = betterAuth({
advanced: {
crossSubDomainCookies: {
enabled: true,
domain: "app.example.com", // your domain
},
},
trustedOrigins: [
'https://example.com',
'https://app1.example.com',
'https://app2.example.com',
],
})
```
### Secure Cookies
By default, cookies are secure only when the server is running in production mode. You can force cookies to be always secure by setting `useSecureCookies` to `true` in the `advanced` object in the auth options.
```ts title="auth.ts"
import { betterAuth } from "better-auth"
export const auth = betterAuth({
advanced: {
useSecureCookies: true
}
})
```
```
--------------------------------------------------------------------------------
/packages/better-auth/src/plugins/bearer/index.ts:
--------------------------------------------------------------------------------
```typescript
import { serializeSignedCookie } from "better-call";
import type { BetterAuthPlugin } from "@better-auth/core";
import { parseSetCookieHeader } from "../../cookies";
import { createAuthMiddleware } from "@better-auth/core/api";
import { createHMAC } from "@better-auth/utils/hmac";
interface BearerOptions {
/**
* If true, only signed tokens
* will be converted to session
* cookies
*
* @default false
*/
requireSignature?: boolean;
}
/**
* Converts bearer token to session cookie
*/
export const bearer = (options?: BearerOptions) => {
return {
id: "bearer",
hooks: {
before: [
{
matcher(context) {
return Boolean(
context.request?.headers.get("authorization") ||
context.headers?.get("authorization"),
);
},
handler: createAuthMiddleware(async (c) => {
const token =
c.request?.headers.get("authorization")?.replace("Bearer ", "") ||
c.headers?.get("Authorization")?.replace("Bearer ", "");
if (!token) {
return;
}
let signedToken = "";
if (token.includes(".")) {
signedToken = token.replace("=", "");
} else {
if (options?.requireSignature) {
return;
}
signedToken = (
await serializeSignedCookie("", token, c.context.secret)
).replace("=", "");
}
try {
const decodedToken = decodeURIComponent(signedToken);
const isValid = await createHMAC(
"SHA-256",
"base64urlnopad",
).verify(
c.context.secret,
decodedToken.split(".")[0]!,
decodedToken.split(".")[1]!,
);
if (!isValid) {
return;
}
} catch (e) {
return;
}
const existingHeaders = (c.request?.headers ||
c.headers) as Headers;
const headers = new Headers({
...Object.fromEntries(existingHeaders?.entries()),
});
headers.append(
"cookie",
`${c.context.authCookies.sessionToken.name}=${signedToken}`,
);
return {
context: {
headers,
},
};
}),
},
],
after: [
{
matcher(context) {
return true;
},
handler: createAuthMiddleware(async (ctx) => {
const setCookie = ctx.context.responseHeaders?.get("set-cookie");
if (!setCookie) {
return;
}
const parsedCookies = parseSetCookieHeader(setCookie);
const cookieName = ctx.context.authCookies.sessionToken.name;
const sessionCookie = parsedCookies.get(cookieName);
if (
!sessionCookie ||
!sessionCookie.value ||
sessionCookie["max-age"] === 0
) {
return;
}
const token = sessionCookie.value;
const exposedHeaders =
ctx.context.responseHeaders?.get(
"access-control-expose-headers",
) || "";
const headersSet = new Set(
exposedHeaders
.split(",")
.map((header) => header.trim())
.filter(Boolean),
);
headersSet.add("set-auth-token");
ctx.setHeader("set-auth-token", token);
ctx.setHeader(
"Access-Control-Expose-Headers",
Array.from(headersSet).join(", "),
);
}),
},
],
},
} satisfies BetterAuthPlugin;
};
```
--------------------------------------------------------------------------------
/docs/content/docs/plugins/dub.mdx:
--------------------------------------------------------------------------------
```markdown
---
title: Dub
description: Better Auth Plugin for Lead Tracking using Dub links and OAuth Linking
---
[Dub](https://dub.co/) is an open source modern link management platform for entrepreneurs, creators, and growth teams.
This plugins allows you to track leads when a user signs up using a Dub link. It also adds OAuth linking support to allow you to build integrations extending Dub's linking management infrastructure.
## Installation
<Steps>
<Step>
### Install the plugin
First, install the plugin:
```package-install
@dub/better-auth
```
</Step>
<Step>
### Install the Dub SDK
Next, install the Dub SDK on your server:
```package-install
dub
```
</Step>
<Step>
### Configure the plugin
Add the plugin to your auth config:
```ts title="auth.ts"
import { betterAuth } from "better-auth"
import { dubAnalytics } from "@dub/better-auth"
import { dub } from "dub"
export const auth = betterAuth({
plugins: [
dubAnalytics({
dubClient: new Dub()
})
]
})
```
</Step>
</Steps>
## Usage
### Lead Tracking
By default, the plugin will track sign up events as leads. You can disable this by setting `disableLeadTracking` to `true`.
```ts
import { dubAnalytics } from "@dub/better-auth";
import { betterAuth } from "better-auth";
import { Dub } from "dub";
const dub = new Dub();
const betterAuth = betterAuth({
plugins: [
dubAnalytics({
dubClient: dub,
disableLeadTracking: true, // Disable lead tracking
}),
],
});
```
### OAuth Linking
The plugin supports OAuth for account linking.
First, you need to setup OAuth app in Dub. Dub supports OAuth 2.0 authentication, which is recommended if you build integrations extending Dub’s functionality [Learn more about OAuth](https://dub.co/docs/integrations/quickstart#integrating-via-oauth-2-0-recommended).
Once you get the client ID and client secret, you can configure the plugin.
```ts
dubAnalytics({
dubClient: dub,
oauth: {
clientId: "your-client-id",
clientSecret: "your-client-secret",
},
});
```
And in the client, you need to use the `dubAnalyticsClient` plugin.
```ts
import { createAuthClient } from "better-auth/client";
import { dubAnalyticsClient } from "@dub/better-auth/client";
const authClient = createAuthClient({
plugins: [dubAnalyticsClient()],
});
```
To link account with Dub, you need to use the `dub.link`.
<APIMethod path="/dub/link" method="POST" requireSession>
```ts
type dubLink = {
/**
* URL to redirect to after linking
* @clientOnly
*/
callbackURL: string = "/dashboard"
}
```
</APIMethod>
## Options
You can pass the following options to the plugin:
### `dubClient`
The Dub client instance.
### `disableLeadTracking`
Disable lead tracking for sign up events.
### `leadEventName`
Event name for sign up leads.
### `customLeadTrack`
Custom lead track function.
### `oauth`
Dub OAuth configuration.
### `oauth.clientId`
Client ID for Dub OAuth.
### `oauth.clientSecret`
Client secret for Dub OAuth.
### `oauth.pkce`
Enable PKCE for Dub OAuth.
```
--------------------------------------------------------------------------------
/packages/better-auth/src/client/proxy.ts:
--------------------------------------------------------------------------------
```typescript
import type { BetterFetch, BetterFetchOption } from "@better-fetch/fetch";
import type { Atom, PreinitializedWritableAtom } from "nanostores";
import type { ProxyRequest } from "./path-to-object";
import type { BetterAuthClientPlugin } from "@better-auth/core";
import { isAtom } from "../utils/is-atom";
function getMethod(
path: string,
knownPathMethods: Record<string, "POST" | "GET">,
args:
| { fetchOptions?: BetterFetchOption; query?: Record<string, any> }
| undefined,
) {
const method = knownPathMethods[path];
const { fetchOptions, query, ...body } = args || {};
if (method) {
return method;
}
if (fetchOptions?.method) {
return fetchOptions.method;
}
if (body && Object.keys(body).length > 0) {
return "POST";
}
return "GET";
}
export type AuthProxySignal = {
atom: PreinitializedWritableAtom<boolean>;
matcher: (path: string) => boolean;
};
export function createDynamicPathProxy<T extends Record<string, any>>(
routes: T,
client: BetterFetch,
knownPathMethods: Record<string, "POST" | "GET">,
atoms: Record<string, Atom>,
atomListeners: BetterAuthClientPlugin["atomListeners"],
): T {
function createProxy(path: string[] = []): any {
return new Proxy(function () {}, {
get(_, prop) {
if (typeof prop !== "string") {
return undefined;
}
if (prop === "then" || prop === "catch" || prop === "finally") {
return undefined;
}
const fullPath = [...path, prop];
let current: any = routes;
for (const segment of fullPath) {
if (current && typeof current === "object" && segment in current) {
current = current[segment];
} else {
current = undefined;
break;
}
}
if (typeof current === "function") {
return current;
}
if (isAtom(current)) {
return current;
}
return createProxy(fullPath);
},
apply: async (_, __, args) => {
const routePath =
"/" +
path
.map((segment) =>
segment.replace(/[A-Z]/g, (letter) => `-${letter.toLowerCase()}`),
)
.join("/");
const arg = (args[0] || {}) as ProxyRequest;
const fetchOptions = (args[1] || {}) as BetterFetchOption;
const { query, fetchOptions: argFetchOptions, ...body } = arg;
const options = {
...fetchOptions,
...argFetchOptions,
} as BetterFetchOption;
const method = getMethod(routePath, knownPathMethods, arg);
return await client(routePath, {
...options,
body:
method === "GET"
? undefined
: {
...body,
...(options?.body || {}),
},
query: query || options?.query,
method,
async onSuccess(context) {
await options?.onSuccess?.(context);
if (!atomListeners) return;
/**
* We trigger listeners
*/
const matches = atomListeners.filter((s) => s.matcher(routePath));
if (!matches.length) return;
for (const match of matches) {
const signal = atoms[match.signal as any];
if (!signal) return;
/**
* To avoid race conditions we set the signal in a setTimeout
*/
const val = signal.get();
setTimeout(() => {
//@ts-expect-error
signal.set(!val);
}, 10);
}
},
});
},
});
}
return createProxy() as T;
}
```
--------------------------------------------------------------------------------
/demo/nextjs/package.json:
--------------------------------------------------------------------------------
```json
{
"name": "@better-auth/demo",
"version": "0.1.0",
"private": true,
"scripts": {
"dev": "next dev",
"dev:secure": "next dev --experimental-https",
"typecheck": "tsc --noEmit",
"build": "next build",
"start": "next start",
"lint": "next lint"
},
"dependencies": {
"@better-auth/sso": "workspace:*",
"@better-auth/stripe": "workspace:*",
"@better-fetch/fetch": "catalog:",
"@hookform/resolvers": "^5.2.1",
"@libsql/client": "^0.8.1",
"@libsql/kysely-libsql": "^0.4.1",
"@number-flow/react": "^0.5.10",
"@prisma/adapter-libsql": "^5.22.0",
"@prisma/client": "^5.22.0",
"@radix-ui/react-accordion": "^1.2.12",
"@radix-ui/react-alert-dialog": "^1.1.15",
"@radix-ui/react-aspect-ratio": "^1.1.7",
"@radix-ui/react-avatar": "^1.1.10",
"@radix-ui/react-checkbox": "^1.3.3",
"@radix-ui/react-collapsible": "^1.1.12",
"@radix-ui/react-context-menu": "^2.2.16",
"@radix-ui/react-dialog": "^1.1.15",
"@radix-ui/react-dropdown-menu": "^2.1.16",
"@radix-ui/react-hover-card": "^1.1.15",
"@radix-ui/react-icons": "^1.3.2",
"@radix-ui/react-label": "^2.1.7",
"@radix-ui/react-menubar": "^1.1.16",
"@radix-ui/react-navigation-menu": "^1.2.14",
"@radix-ui/react-popover": "^1.1.15",
"@radix-ui/react-progress": "^1.1.7",
"@radix-ui/react-radio-group": "^1.3.8",
"@radix-ui/react-scroll-area": "^1.2.10",
"@radix-ui/react-select": "^2.2.6",
"@radix-ui/react-separator": "^1.1.7",
"@radix-ui/react-slider": "^1.3.6",
"@radix-ui/react-slot": "^1.2.3",
"@radix-ui/react-switch": "^1.2.6",
"@radix-ui/react-tabs": "^1.1.13",
"@radix-ui/react-toast": "^1.2.15",
"@radix-ui/react-toggle": "^1.1.10",
"@radix-ui/react-toggle-group": "^1.1.11",
"@radix-ui/react-tooltip": "^1.2.8",
"@react-email/components": "^0.5.1",
"@tanstack/react-query": "^5.85.9",
"@types/better-sqlite3": "^7.6.13",
"better-auth": "workspace:*",
"better-call": "catalog:",
"better-sqlite3": "^12.2.0",
"canvas-confetti": "^1.9.3",
"class-variance-authority": "^0.7.1",
"clsx": "^2.1.1",
"cmdk": "1.1.1",
"consola": "^3.4.2",
"date-fns": "^4.1.0",
"embla-carousel-react": "^8.6.0",
"framer-motion": "^12.23.12",
"geist": "^1.4.2",
"input-otp": "^1.4.2",
"kysely": "^0.28.5",
"lucide-react": "^0.542.0",
"mini-svg-data-uri": "^1.4.4",
"mysql2": "^3.14.4",
"next": "16.0.0-beta.0",
"next-themes": "^0.4.6",
"prisma": "^5.22.0",
"react": "19.2.0",
"react-day-picker": "9.9.0",
"react-dom": "19.2.0",
"react-hook-form": "^7.62.0",
"react-qr-code": "^2.0.18",
"react-resizable-panels": "^3.0.5",
"recharts": "^3.1.2",
"resend": "^6.0.2",
"server-only": "^0.0.1",
"shiki": "^3.12.2",
"sonner": "^2.0.7",
"stripe": "^18.5.0",
"tailwind-merge": "^3.3.1",
"ua-parser-js": "^2.0.4",
"vaul": "^1.1.2",
"zod": "^4.1.5"
},
"devDependencies": {
"@tailwindcss/postcss": "^4.1.13",
"@types/canvas-confetti": "^1.9.0",
"@types/react": "^19.2.2",
"@types/react-dom": "^19.2.2",
"@types/ua-parser-js": "^0.7.39",
"postcss": "^8.5.6",
"tailwindcss": "^4.1.13",
"tw-animate-css": "^1.3.8"
}
}
```
--------------------------------------------------------------------------------
/packages/core/src/env/logger.ts:
--------------------------------------------------------------------------------
```typescript
import { getColorDepth } from "./color-depth";
export const TTY_COLORS = {
reset: "\x1b[0m",
bright: "\x1b[1m",
dim: "\x1b[2m",
undim: "\x1b[22m",
underscore: "\x1b[4m",
blink: "\x1b[5m",
reverse: "\x1b[7m",
hidden: "\x1b[8m",
fg: {
black: "\x1b[30m",
red: "\x1b[31m",
green: "\x1b[32m",
yellow: "\x1b[33m",
blue: "\x1b[34m",
magenta: "\x1b[35m",
cyan: "\x1b[36m",
white: "\x1b[37m",
},
bg: {
black: "\x1b[40m",
red: "\x1b[41m",
green: "\x1b[42m",
yellow: "\x1b[43m",
blue: "\x1b[44m",
magenta: "\x1b[45m",
cyan: "\x1b[46m",
white: "\x1b[47m",
},
} as const;
export type LogLevel = "info" | "success" | "warn" | "error" | "debug";
export const levels = ["info", "success", "warn", "error", "debug"] as const;
export function shouldPublishLog(
currentLogLevel: LogLevel,
logLevel: LogLevel,
): boolean {
return levels.indexOf(logLevel) <= levels.indexOf(currentLogLevel);
}
export interface Logger {
disabled?: boolean;
disableColors?: boolean;
level?: Exclude<LogLevel, "success">;
log?: (
level: Exclude<LogLevel, "success">,
message: string,
...args: any[]
) => void;
}
export type LogHandlerParams = Parameters<NonNullable<Logger["log"]>> extends [
LogLevel,
...infer Rest,
]
? Rest
: never;
const levelColors: Record<LogLevel, string> = {
info: TTY_COLORS.fg.blue,
success: TTY_COLORS.fg.green,
warn: TTY_COLORS.fg.yellow,
error: TTY_COLORS.fg.red,
debug: TTY_COLORS.fg.magenta,
};
const formatMessage = (
level: LogLevel,
message: string,
colorsEnabled: boolean,
): string => {
const timestamp = new Date().toISOString();
if (colorsEnabled) {
return `${TTY_COLORS.dim}${timestamp}${TTY_COLORS.reset} ${
levelColors[level]
}${level.toUpperCase()}${TTY_COLORS.reset} ${TTY_COLORS.bright}[Better Auth]:${
TTY_COLORS.reset
} ${message}`;
}
return `${timestamp} ${level.toUpperCase()} [Better Auth]: ${message}`;
};
export type InternalLogger = {
[K in LogLevel]: (...params: LogHandlerParams) => void;
} & {
get level(): LogLevel;
};
export const createLogger = (options?: Logger): InternalLogger => {
const enabled = options?.disabled !== true;
const logLevel = options?.level ?? "error";
const isDisableColorsSpecified = options?.disableColors !== undefined;
const colorsEnabled = isDisableColorsSpecified
? !options.disableColors
: getColorDepth() !== 1;
const LogFunc = (
level: LogLevel,
message: string,
args: any[] = [],
): void => {
if (!enabled || !shouldPublishLog(logLevel, level)) {
return;
}
const formattedMessage = formatMessage(level, message, colorsEnabled);
if (!options || typeof options.log !== "function") {
if (level === "error") {
console.error(formattedMessage, ...args);
} else if (level === "warn") {
console.warn(formattedMessage, ...args);
} else {
console.log(formattedMessage, ...args);
}
return;
}
options.log(level === "success" ? "info" : level, message, ...args);
};
const logger = Object.fromEntries(
levels.map((level) => [
level,
(...[message, ...args]: LogHandlerParams) =>
LogFunc(level, message, args),
]),
) as Record<LogLevel, (...params: LogHandlerParams) => void>;
return {
...logger,
get level() {
return logLevel;
},
};
};
export const logger = createLogger();
```
--------------------------------------------------------------------------------
/docs/content/docs/plugins/oauth-proxy.mdx:
--------------------------------------------------------------------------------
```markdown
---
title: OAuth Proxy
description: OAuth Proxy plugin for Better Auth
---
A proxy plugin, that allows you to proxy OAuth requests. Useful for development and preview deployments where the redirect URL can't be known in advance to add to the OAuth provider.
## Installation
<Steps>
<Step>
### Add the plugin to your **auth** config
```ts title="auth.ts"
import { betterAuth } from "better-auth"
import { oAuthProxy } from "better-auth/plugins"
export const auth = betterAuth({
plugins: [ // [!code highlight]
oAuthProxy({ // [!code highlight]
productionURL: "https://my-main-app.com", // Optional - if the URL isn't inferred correctly // [!code highlight]
currentURL: "http://localhost:3000", // Optional - if the URL isn't inferred correctly // [!code highlight]
}), // [!code highlight]
] // [!code highlight]
})
```
</Step>
<Step>
### Add redirect URL to your OAuth provider
For the proxy server to work properly, you’ll need to pass the redirect URL of your main production app registered with the OAuth provider in your social provider config. This needs to be done for each social provider you want to proxy requests for.
```ts
export const auth = betterAuth({
plugins: [
oAuthProxy(),
],
socialProviders: {
github: {
clientId: "your-client-id",
clientSecret: "your-client-secret",
redirectURI: "https://my-main-app.com/api/auth/callback/github" // [!code highlight]
}
}
})
```
</Step>
</Steps>
## How it works
The plugin adds an endpoint to your server that proxies OAuth requests. When you initiate a social sign-in, it sets the redirect URL to this proxy endpoint. After the OAuth provider redirects back to your server, the plugin then forwards the user to the original callback URL.
```ts
await authClient.signIn.social({
provider: "github",
callbackURL: "/dashboard" // the plugin will override this to something like "http://localhost:3000/api/auth/oauth-proxy?callbackURL=/dashboard"
})
```
When the OAuth provider returns the user to your server, the plugin automatically redirects them to the intended callback URL.
To share cookies between the proxy server and your main server it uses URL query parameters to pass the cookies encrypted in the URL. This is secure as the cookies are encrypted and can only be decrypted by the server.
<Callout type="warn">
This plugin requires skipping the state cookie check. This has security implications and should only be used in dev or staging environments. If `baseURL` and `productionURL` are the same, the plugin will not proxy the request.
</Callout>
## Options
**currentURL**: The application's current URL is automatically determined by the plugin. It first checks for the request URL if invoked by a client, then it checks the base URL from popular hosting providers, and finally falls back to the `baseURL` in your auth config. If the URL isn’t inferred correctly, you can specify it manually here.
**productionURL**: If this value matches the `baseURL` in your auth config, requests will not be proxied. Defaults to the `BETTER_AUTH_URL` environment variable.
```
--------------------------------------------------------------------------------
/docs/content/docs/integrations/express.mdx:
--------------------------------------------------------------------------------
```markdown
---
title: Express Integration
description: Integrate Better Auth with Express.
---
This guide will show you how to integrate Better Auth with [express.js](https://expressjs.com/).
Before you start, make sure you have a Better Auth instance configured. If you haven't done that yet, check out the [installation](/docs/installation).
<Callout>
Note that CommonJS (cjs) isn't supported. Use ECMAScript Modules (ESM) by setting `"type": "module"` in your `package.json` or configuring your `tsconfig.json` to use ES modules.
</Callout>
### Mount the handler
To enable Better Auth to handle requests, we need to mount the handler to an API route. Create a catch-all route to manage all requests to `/api/auth/*` in case of ExpressJS v4 or `/api/auth/*splat` in case of ExpressJS v5 (or any other path specified in your Better Auth options).
<Callout type="warn">
Don’t use `express.json()` before the Better Auth handler. Use it only for other routes, or the client API will get stuck on "pending".
</Callout>
```ts title="server.ts"
import express from "express";
import { toNodeHandler } from "better-auth/node";
import { auth } from "./auth";
const app = express();
const port = 3005;
app.all("/api/auth/*", toNodeHandler(auth)); // For ExpressJS v4
// app.all("/api/auth/*splat", toNodeHandler(auth)); For ExpressJS v5
// Mount express json middleware after Better Auth handler
// or only apply it to routes that don't interact with Better Auth
app.use(express.json());
app.listen(port, () => {
console.log(`Example app listening on port ${port}`);
});
```
After completing the setup, start your server. Better Auth will be ready to use. You can send a `GET` request to the `/ok` endpoint (`/api/auth/ok`) to verify that the server is running.
### Cors Configuration
To add CORS (Cross-Origin Resource Sharing) support to your Express server when integrating Better Auth, you can use the `cors` middleware. Below is an updated example showing how to configure CORS for your server:
```ts
import express from "express";
import cors from "cors"; // Import the CORS middleware
import { toNodeHandler, fromNodeHeaders } from "better-auth/node";
import { auth } from "./auth";
const app = express();
const port = 3005;
// Configure CORS middleware
app.use(
cors({
origin: "http://your-frontend-domain.com", // Replace with your frontend's origin
methods: ["GET", "POST", "PUT", "DELETE"], // Specify allowed HTTP methods
credentials: true, // Allow credentials (cookies, authorization headers, etc.)
})
);
```
### Getting the User Session
To retrieve the user's session, you can use the `getSession` method provided by the `auth` object. This method requires the request headers to be passed in a specific format. To simplify this process, Better Auth provides a `fromNodeHeaders` helper function that converts Node.js request headers to the format expected by Better Auth (a `Headers` object).
Here's an example of how to use `getSession` in an Express route:
```ts title="server.ts"
import { fromNodeHeaders } from "better-auth/node";
import { auth } from "./auth"; // Your Better Auth instance
app.get("/api/me", async (req, res) => {
const session = await auth.api.getSession({
headers: fromNodeHeaders(req.headers),
});
return res.json(session);
});
```
```
--------------------------------------------------------------------------------
/docs/content/docs/concepts/api.mdx:
--------------------------------------------------------------------------------
```markdown
---
title: API
description: Better Auth API.
---
When you create a new Better Auth instance, it provides you with an `api` object. This object exposes every endpoint that exists in your Better Auth instance. And you can use this to interact with Better Auth server side.
Any endpoint added to Better Auth, whether from plugins or the core, will be accessible through the `api` object.
## Calling API Endpoints on the Server
To call an API endpoint on the server, import your `auth` instance and call the endpoint using the `api` object.
```ts title="server.ts"
import { betterAuth } from "better-auth";
import { headers } from "next/headers";
export const auth = betterAuth({
//...
})
// calling get session on the server
await auth.api.getSession({
headers: await headers() // some endpoints might require headers
})
```
### Body, Headers, Query
Unlike the client, the server needs the values to be passed as an object with the key `body` for the body, `headers` for the headers, and `query` for query parameters.
```ts title="server.ts"
await auth.api.getSession({
headers: await headers()
})
await auth.api.signInEmail({
body: {
email: "[email protected]",
password: "password"
},
headers: await headers() // optional but would be useful to get the user IP, user agent, etc.
})
await auth.api.verifyEmail({
query: {
token: "my_token"
}
})
```
<Callout>
Better Auth API endpoints are built on top of [better-call](https://github.com/bekacru/better-call), a tiny web framework that lets you call REST API endpoints as if they were regular functions and allows us to easily infer client types from the server.
</Callout>
### Getting `headers` and `Response` Object
When you invoke an API endpoint on the server, it will return a standard JavaScript object or array directly as it's just a regular function call.
But there are times when you might want to get the `headers` or the `Response` object instead. For example, if you need to get the cookies or the headers.
#### Getting `headers`
To get the `headers`, you can pass the `returnHeaders` option to the endpoint.
```ts
const { headers, response } = await auth.api.signUpEmail({
returnHeaders: true,
body: {
email: "[email protected]",
password: "password",
name: "John Doe",
},
});
```
The `headers` will be a `Headers` object, which you can use to get the cookies or the headers.
```ts
const cookies = headers.get("set-cookie");
const headers = headers.get("x-custom-header");
```
#### Getting `Response` Object
To get the `Response` object, you can pass the `asResponse` option to the endpoint.
```ts title="server.ts"
const response = await auth.api.signInEmail({
body: {
email: "",
password: ""
},
asResponse: true
})
```
### Error Handling
When you call an API endpoint on the server, it will throw an error if the request fails. You can catch the error and handle it as you see fit. The error instance is an instance of `APIError`.
```ts title="server.ts"
import { APIError } from "better-auth/api";
try {
await auth.api.signInEmail({
body: {
email: "",
password: ""
}
})
} catch (error) {
if (error instanceof APIError) {
console.log(error.message, error.status)
}
}
```
```
--------------------------------------------------------------------------------
/docs/content/docs/authentication/notion.mdx:
--------------------------------------------------------------------------------
```markdown
---
title: Notion
description: Notion provider setup and usage.
---
<Steps>
<Step>
### Get your Notion credentials
To use Notion as a social provider, you need to get your Notion OAuth credentials. You can get them by creating a new integration in the [Notion Developers Portal](https://www.notion.so/my-integrations).
In the Notion integration settings > OAuth Domain & URIs, make sure to set the redirect URL to `http://localhost:3000/api/auth/callback/notion` for local development. For production, make sure to set the redirect URL as your application domain, e.g. `https://example.com/api/auth/callback/notion`. If you change the base path of the auth routes, you should update the redirect URL accordingly.
<Callout>
Make sure your Notion integration has the appropriate capabilities enabled. For user authentication, you'll need the "Read user information including email addresses" capability.
</Callout>
</Step>
<Step>
### Configure the provider
To configure the provider, you need to pass the `clientId` and `clientSecret` to `socialProviders.notion` in your auth configuration.
```ts title="auth.ts"
import { betterAuth } from "better-auth"
export const auth = betterAuth({
socialProviders: {
notion: { // [!code highlight]
clientId: process.env.NOTION_CLIENT_ID as string, // [!code highlight]
clientSecret: process.env.NOTION_CLIENT_SECRET as string, // [!code highlight]
}, // [!code highlight]
},
})
```
</Step>
</Steps>
## Usage
### Sign In with Notion
To sign in with Notion, you can use the `signIn.social` function provided by the client. The `signIn` function takes an object with the following properties:
- `provider`: The provider to use. It should be set to `notion`.
```ts title="auth-client.ts"
import { createAuthClient } from "better-auth/client"
const authClient = createAuthClient()
const signIn = async () => {
const data = await authClient.signIn.social({
provider: "notion"
})
}
```
### Notion Integration Types
Notion supports different integration types. When creating your integration, you can choose between:
- **Public integrations**: Can be installed by any Notion workspace
- **Internal integrations**: Limited to your own workspace
For most authentication use cases, you'll want to create a public integration to allow users from different workspaces to sign in.
### Requesting Additional Notion Scopes
If your application needs additional Notion capabilities after the user has already signed up, you can request them using the `linkSocial` method with the same Notion provider and additional scopes.
```ts title="auth-client.ts"
const requestNotionAccess = async () => {
await authClient.linkSocial({
provider: "notion",
// Notion automatically provides access based on integration capabilities
});
};
// Example usage in a React component
return <button onClick={requestNotionAccess}>Connect Notion Workspace</button>;
```
<Callout>
After authentication, you can use the access token to interact with the Notion API to read and write pages, databases, and other content that the user has granted access to.
</Callout>
```
--------------------------------------------------------------------------------
/packages/cli/test/__snapshots__/auth-schema-sqlite.txt:
--------------------------------------------------------------------------------
```
import { sql } from "drizzle-orm";
import { sqliteTable, text, integer } from "drizzle-orm/sqlite-core";
export const custom_user = sqliteTable("custom_user", {
id: text("id").primaryKey(),
name: text("name").notNull(),
email: text("email").notNull().unique(),
emailVerified: integer("email_verified", { mode: "boolean" })
.default(false)
.notNull(),
image: text("image"),
createdAt: integer("created_at", { mode: "timestamp_ms" })
.default(sql`(cast(unixepoch('subsecond') * 1000 as integer))`)
.notNull(),
updatedAt: integer("updated_at", { mode: "timestamp_ms" })
.default(sql`(cast(unixepoch('subsecond') * 1000 as integer))`)
.$onUpdate(() => /* @__PURE__ */ new Date())
.notNull(),
twoFactorEnabled: integer("two_factor_enabled", { mode: "boolean" }).default(
false,
),
username: text("username").unique(),
displayUsername: text("display_username"),
});
export const custom_session = sqliteTable("custom_session", {
id: text("id").primaryKey(),
expiresAt: integer("expires_at", { mode: "timestamp_ms" }).notNull(),
token: text("token").notNull().unique(),
createdAt: integer("created_at", { mode: "timestamp_ms" })
.default(sql`(cast(unixepoch('subsecond') * 1000 as integer))`)
.notNull(),
updatedAt: integer("updated_at", { mode: "timestamp_ms" })
.$onUpdate(() => /* @__PURE__ */ new Date())
.notNull(),
ipAddress: text("ip_address"),
userAgent: text("user_agent"),
userId: text("user_id")
.notNull()
.references(() => custom_user.id, { onDelete: "cascade" }),
});
export const custom_account = sqliteTable("custom_account", {
id: text("id").primaryKey(),
accountId: text("account_id").notNull(),
providerId: text("provider_id").notNull(),
userId: text("user_id")
.notNull()
.references(() => custom_user.id, { onDelete: "cascade" }),
accessToken: text("access_token"),
refreshToken: text("refresh_token"),
idToken: text("id_token"),
accessTokenExpiresAt: integer("access_token_expires_at", {
mode: "timestamp_ms",
}),
refreshTokenExpiresAt: integer("refresh_token_expires_at", {
mode: "timestamp_ms",
}),
scope: text("scope"),
password: text("password"),
createdAt: integer("created_at", { mode: "timestamp_ms" })
.default(sql`(cast(unixepoch('subsecond') * 1000 as integer))`)
.notNull(),
updatedAt: integer("updated_at", { mode: "timestamp_ms" })
.$onUpdate(() => /* @__PURE__ */ new Date())
.notNull(),
});
export const custom_verification = sqliteTable("custom_verification", {
id: text("id").primaryKey(),
identifier: text("identifier").notNull(),
value: text("value").notNull(),
expiresAt: integer("expires_at", { mode: "timestamp_ms" }).notNull(),
createdAt: integer("created_at", { mode: "timestamp_ms" })
.default(sql`(cast(unixepoch('subsecond') * 1000 as integer))`)
.notNull(),
updatedAt: integer("updated_at", { mode: "timestamp_ms" })
.default(sql`(cast(unixepoch('subsecond') * 1000 as integer))`)
.$onUpdate(() => /* @__PURE__ */ new Date())
.notNull(),
});
export const twoFactor = sqliteTable("two_factor", {
id: text("id").primaryKey(),
secret: text("secret").notNull(),
backupCodes: text("backup_codes").notNull(),
userId: text("user_id")
.notNull()
.references(() => custom_user.id, { onDelete: "cascade" }),
});
```
--------------------------------------------------------------------------------
/packages/core/src/db/type.ts:
--------------------------------------------------------------------------------
```typescript
import type { ZodType } from "zod";
import type { LiteralString } from "../types";
export type DBPreservedModels =
| "user"
| "account"
| "session"
| "verification"
| "rate-limit"
| "organization"
| "member"
| "invitation"
| "jwks"
| "passkey"
| "two-factor";
export type DBFieldType =
| "string"
| "number"
| "boolean"
| "date"
| "json"
| `${"string" | "number"}[]`
| Array<LiteralString>;
export type DBPrimitive =
| string
| number
| boolean
| Date
| null
| undefined
| string[]
| number[];
export type DBFieldAttributeConfig = {
/**
* If the field should be required on a new record.
* @default true
*/
required?: boolean;
/**
* If the value should be returned on a response body.
* @default true
*/
returned?: boolean;
/**
* If a value should be provided when creating a new record.
* @default true
*/
input?: boolean;
/**
* Default value for the field
*
* Note: This will not create a default value on the database level. It will only
* be used when creating a new record.
*/
defaultValue?: DBPrimitive | (() => DBPrimitive);
/**
* Update value for the field
*
* Note: This will create an onUpdate trigger on the database level for supported adapters.
* It will be called when updating a record.
*/
onUpdate?: () => DBPrimitive;
/**
* transform the value before storing it.
*/
transform?: {
input?: (value: DBPrimitive) => DBPrimitive | Promise<DBPrimitive>;
output?: (value: DBPrimitive) => DBPrimitive | Promise<DBPrimitive>;
};
/**
* Reference to another model.
*/
references?: {
/**
* The model to reference.
*/
model: string;
/**
* The field on the referenced model.
*/
field: string;
/**
* The action to perform when the reference is deleted.
* @default "cascade"
*/
onDelete?:
| "no action"
| "restrict"
| "cascade"
| "set null"
| "set default";
};
unique?: boolean;
/**
* If the field should be a bigint on the database instead of integer.
*/
bigint?: boolean;
/**
* A zod schema to validate the value.
*/
validator?: {
input?: ZodType;
output?: ZodType;
};
/**
* The name of the field on the database.
*/
fieldName?: string;
/**
* If the field should be sortable.
*
* applicable only for `text` type.
* It's useful to mark fields varchar instead of text.
*/
sortable?: boolean;
};
export type DBFieldAttribute<T extends DBFieldType = DBFieldType> = {
type: T;
} & DBFieldAttributeConfig;
export type BetterAuthDBSchema = Record<
string,
{
/**
* The name of the table in the database
*/
modelName: string;
/**
* The fields of the table
*/
fields: Record<string, DBFieldAttribute>;
/**
* Whether to disable migrations for this table
* @default false
*/
disableMigrations?: boolean;
/**
* The order of the table
*/
order?: number;
}
>;
export interface SecondaryStorage {
/**
*
* @param key - Key to get
* @returns - Value of the key
*/
get: (key: string) => Promise<unknown> | unknown;
set: (
/**
* Key to store
*/
key: string,
/**
* Value to store
*/
value: string,
/**
* Time to live in seconds
*/
ttl?: number,
) => Promise<void | null | unknown> | void;
/**
*
* @param key - Key to delete
*/
delete: (key: string) => Promise<void | null | string> | void;
}
```
--------------------------------------------------------------------------------
/docs/content/docs/plugins/one-time-token.mdx:
--------------------------------------------------------------------------------
```markdown
---
title: One-Time Token Plugin
description: Generate and verify single-use token
---
The One-Time Token (OTT) plugin provides functionality to generate and verify secure, single-use session tokens. These are commonly used for across domains authentication.
## Installation
<Steps>
<Step>
### Add the plugin to your auth config
To use the One-Time Token plugin, add it to your auth config.
```ts title="auth.ts"
import { betterAuth } from "better-auth";
import { oneTimeToken } from "better-auth/plugins/one-time-token";
export const auth = betterAuth({
plugins: [
oneTimeToken()
]
// ... other auth config
});
```
</Step>
<Step>
### Add the client plugin
Next, include the one-time-token client plugin in your authentication client instance.
```ts title="auth-client.ts"
import { createAuthClient } from "better-auth/client"
import { oneTimeTokenClient } from "better-auth/client/plugins"
export const authClient = createAuthClient({
plugins: [
oneTimeTokenClient()
]
})
```
</Step>
</Steps>
## Usage
### 1. Generate a Token
Generate a token using `auth.api.generateOneTimeToken` or `authClient.oneTimeToken.generate`
<APIMethod
path="/one-time-token/generate"
method="GET"
requireSession
>
```ts
type generateOneTimeToken = {
}
```
</APIMethod>
This will return a `token` that is attached to the current session which can be used to verify the one-time token. By default, the token will expire in 3 minutes.
### 2. Verify the Token
When the user clicks the link or submits the token, use the `auth.api.verifyOneTimeToken` or `authClient.oneTimeToken.verify` method in another API route to validate it.
<APIMethod path="/one-time-token/verify" method="POST">
```ts
type verifyOneTimeToken = {
/**
* The token to verify.
*/
token: string = "some-token"
}
```
</APIMethod>
This will return the session that was attached to the token.
## Options
These options can be configured when adding the `oneTimeToken` plugin:
* **`disableClientRequest`** (boolean): Optional. If `true`, the token will only be generated on the server side. Default: `false`.
* **`expiresIn`** (number): Optional. The duration for which the token is valid in minutes. Default: `3`.
```ts
oneTimeToken({
expiresIn: 10 // 10 minutes
})
```
* **`generateToken`**: A custom token generator function that takes `session` object and a `ctx` as paramters.
* **`storeToken`**: Optional. This option allows you to configure how the token is stored in your database.
* **`plain`**: The token is stored in plain text. (Default)
* **`hashed`**: The token is hashed using the default hasher.
* **`custom-hasher`**: A custom hasher function that takes a token and returns a hashed token.
<Callout type="info">
Note: It will not affect the token that's sent, it will only affect the token stored in your database.
</Callout>
Examples:
```ts title="No hashing (default)"
oneTimeToken({
storeToken: "plain"
})
```
```ts title="built-in hasher"
oneTimeToken({
storeToken: "hashed"
})
```
```ts title="custom hasher"
oneTimeToken({
storeToken: {
type: "custom-hasher",
hash: async (token) => {
return myCustomHasher(token);
}
}
})
```
```
--------------------------------------------------------------------------------
/.github/workflows/e2e.yml:
--------------------------------------------------------------------------------
```yaml
name: E2E
on:
push:
branches: [ main, canary ]
merge_group:
pull_request:
jobs:
smoke:
name: Smoke test
timeout-minutes: 30
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
fetch-depth: 0
- name: Cache turbo build setup
uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
with:
path: .turbo
key: ${{ runner.os }}-turbo-${{ github.sha }}
restore-keys: |
${{ runner.os }}-turbo-
- uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
- uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
with:
node-version: 22.x
registry-url: 'https://registry.npmjs.org'
cache: pnpm
- name: Install
run: pnpm install
- name: Build
env:
TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
TURBO_TEAM: ${{ vars.TURBO_TEAM || github.repository_owner }}
TURBO_CACHE: remote:rw
run: pnpm build
- name: Start Docker Containers
run: |
docker compose up -d
# Wait for services to be ready (optional)
sleep 10
- uses: oven-sh/setup-bun@v2
- uses: denoland/setup-deno@e95548e56dfa95d4e1a28d6f422fafe75c4c26fb # v2.0.3
with:
deno-version: v2.x
- name: Smoke
env:
TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
TURBO_TEAM: ${{ vars.TURBO_TEAM || github.repository_owner }}
TURBO_CACHE: remote:rw
run: pnpm e2e:smoke
- name: Stop Docker Containers
run: docker compose down
integration:
name: Integration test
timeout-minutes: 60
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
fetch-depth: 0
- name: Cache turbo build setup
uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
with:
path: .turbo
key: ${{ runner.os }}-turbo-${{ github.sha }}
restore-keys: |
${{ runner.os }}-turbo-
- uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
- uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
with:
node-version: 22.x
registry-url: 'https://registry.npmjs.org'
cache: pnpm
- name: Install
run: pnpm install
- name: Install Playwright Browsers
run: pnpm exec playwright install --with-deps
working-directory: e2e/integration
- name: Build
env:
TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
TURBO_TEAM: ${{ vars.TURBO_TEAM || github.repository_owner }}
TURBO_CACHE: remote:rw
run: pnpm build
- name: Start Docker Containers
run: |
docker compose up -d
# Wait for services to be ready (optional)
sleep 10
- name: Integration
env:
TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
TURBO_TEAM: ${{ vars.TURBO_TEAM || github.repository_owner }}
TURBO_CACHE: remote:rw
run: pnpm e2e:integration
- name: Stop Docker Containers
run: docker compose down
```
--------------------------------------------------------------------------------
/docs/content/docs/authentication/cognito.mdx:
--------------------------------------------------------------------------------
```markdown
---
title: Cognito
description: Amazon Cognito provider setup and usage.
---
<Steps>
<Step>
### Get your Cognito Credentials
To integrate with Cognito, you need to set up a **User Pool** and an **App client** in the [Amazon Cognito Console](https://console.aws.amazon.com/cognito/).
Follow these steps:
1. Go to the **Cognito Console** and create a **User Pool**.
2. Under **App clients**, create a new **App client** (note the Client ID and Client Secret if enabled).
3. Go to **Domain** and set a Cognito Hosted UI domain (e.g., `your-app.auth.us-east-1.amazoncognito.com`).
4. In **App client settings**, enable:
- Allowed OAuth flows: `Authorization code grant`
- Allowed OAuth scopes: `openid`, `profile`, `email`
5. Add your callback URL (e.g., `http://localhost:3000/api/auth/callback/cognito`).
<Callout type="info">
- **User Pool is required** for Cognito authentication.
- Make sure the callback URL matches exactly what you configure in Cognito.
</Callout>
</Step>
<Step>
### Configure the provider
Configure the `cognito` key in `socialProviders` key of your `auth` instance.
```ts title="auth.ts"
import { betterAuth } from "better-auth";
export const auth = betterAuth({
socialProviders: {
cognito: {
clientId: process.env.COGNITO_CLIENT_ID as string, // [!code highlight]
clientSecret: process.env.COGNITO_CLIENT_SECRET as string, // [!code highlight]
domain: process.env.COGNITO_DOMAIN as string, // e.g. "your-app.auth.us-east-1.amazoncognito.com" [!code highlight]
region: process.env.COGNITO_REGION as string, // e.g. "us-east-1" [!code highlight]
userPoolId: process.env.COGNITO_USERPOOL_ID as string, // [!code highlight]
},
},
})
```
</Step>
<Step>
### Sign In with Cognito
To sign in with Cognito, use the `signIn.social` function from the client.
```ts title="auth-client.ts"
import { createAuthClient } from "better-auth/client"
const authClient = createAuthClient()
const signIn = async () => {
const data = await authClient.signIn.social({
provider: "cognito"
})
}
```
### Additional Options:
- `scope`: Additional OAuth2 scopes to request (combined with default permissions).
- Default: `"openid" "profile" "email"`
- Common Cognito scopes:
- `openid`: Required for OpenID Connect authentication
- `profile`: Access to basic profile info
- `email`: Access to user’s email
- `phone`: Access to user’s phone number
- `aws.cognito.signin.user.admin`: Grants access to Cognito-specific APIs
- Note: You must configure the scopes in your Cognito App Client settings. [available scopes](https://docs.aws.amazon.com/cognito/latest/developerguide/token-endpoint.html#token-endpoint-userinfo)
- `getUserInfo`: Custom function to retrieve user information from the Cognito UserInfo endpoint.
<Callout type="info">
For more information about Amazon Cognito's scopes and API capabilities, refer to the [official documentation](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-define-resource-servers.html?utm_source).
</Callout>
</Step>
</Steps>
```
--------------------------------------------------------------------------------
/packages/core/src/social-providers/slack.ts:
--------------------------------------------------------------------------------
```typescript
import { betterFetch } from "@better-fetch/fetch";
import type { OAuthProvider, ProviderOptions } from "../oauth2";
import { validateAuthorizationCode, refreshAccessToken } from "../oauth2";
export interface SlackProfile extends Record<string, any> {
ok: boolean;
sub: string;
"https://slack.com/user_id": string;
"https://slack.com/team_id": string;
email: string;
email_verified: boolean;
date_email_verified: number;
name: string;
picture: string;
given_name: string;
family_name: string;
locale: string;
"https://slack.com/team_name": string;
"https://slack.com/team_domain": string;
"https://slack.com/user_image_24": string;
"https://slack.com/user_image_32": string;
"https://slack.com/user_image_48": string;
"https://slack.com/user_image_72": string;
"https://slack.com/user_image_192": string;
"https://slack.com/user_image_512": string;
"https://slack.com/team_image_34": string;
"https://slack.com/team_image_44": string;
"https://slack.com/team_image_68": string;
"https://slack.com/team_image_88": string;
"https://slack.com/team_image_102": string;
"https://slack.com/team_image_132": string;
"https://slack.com/team_image_230": string;
"https://slack.com/team_image_default": boolean;
}
export interface SlackOptions extends ProviderOptions<SlackProfile> {
clientId: string;
}
export const slack = (options: SlackOptions) => {
return {
id: "slack",
name: "Slack",
createAuthorizationURL({ state, scopes, redirectURI }) {
const _scopes = options.disableDefaultScope
? []
: ["openid", "profile", "email"];
scopes && _scopes.push(...scopes);
options.scope && _scopes.push(...options.scope);
const url = new URL("https://slack.com/openid/connect/authorize");
url.searchParams.set("scope", _scopes.join(" "));
url.searchParams.set("response_type", "code");
url.searchParams.set("client_id", options.clientId);
url.searchParams.set("redirect_uri", options.redirectURI || redirectURI);
url.searchParams.set("state", state);
return url;
},
validateAuthorizationCode: async ({ code, redirectURI }) => {
return validateAuthorizationCode({
code,
redirectURI,
options,
tokenEndpoint: "https://slack.com/api/openid.connect.token",
});
},
refreshAccessToken: options.refreshAccessToken
? options.refreshAccessToken
: async (refreshToken) => {
return refreshAccessToken({
refreshToken,
options: {
clientId: options.clientId,
clientKey: options.clientKey,
clientSecret: options.clientSecret,
},
tokenEndpoint: "https://slack.com/api/openid.connect.token",
});
},
async getUserInfo(token) {
if (options.getUserInfo) {
return options.getUserInfo(token);
}
const { data: profile, error } = await betterFetch<SlackProfile>(
"https://slack.com/api/openid.connect.userInfo",
{
headers: {
authorization: `Bearer ${token.accessToken}`,
},
},
);
if (error) {
return null;
}
const userMap = await options.mapProfileToUser?.(profile);
return {
user: {
id: profile["https://slack.com/user_id"],
name: profile.name || "",
email: profile.email,
emailVerified: profile.email_verified,
image: profile.picture || profile["https://slack.com/user_image_512"],
...userMap,
},
data: profile,
};
},
options,
} satisfies OAuthProvider<SlackProfile>;
};
```
--------------------------------------------------------------------------------
/packages/better-auth/src/client/vue/index.ts:
--------------------------------------------------------------------------------
```typescript
import { useStore } from "./vue-store";
import type { DeepReadonly, Ref } from "vue";
import { getClientConfig } from "../config";
import { capitalizeFirstLetter } from "../../utils/misc";
import type {
InferActions,
InferClientAPI,
InferErrorCodes,
IsSignal,
} from "../types";
import type {
BetterAuthClientPlugin,
BetterAuthClientOptions,
} from "@better-auth/core";
import { createDynamicPathProxy } from "../proxy";
import type { PrettifyDeep, UnionToIntersection } from "../../types/helper";
import type {
BetterFetchError,
BetterFetchResponse,
} from "@better-fetch/fetch";
import type { BASE_ERROR_CODES } from "@better-auth/core/error";
function getAtomKey(str: string) {
return `use${capitalizeFirstLetter(str)}`;
}
type InferResolvedHooks<O extends BetterAuthClientOptions> = O extends {
plugins: Array<infer Plugin>;
}
? UnionToIntersection<
Plugin extends BetterAuthClientPlugin
? Plugin["getAtoms"] extends (fetch: any) => infer Atoms
? Atoms extends Record<string, any>
? {
[key in keyof Atoms as IsSignal<key> extends true
? never
: key extends string
? `use${Capitalize<key>}`
: never]: () => DeepReadonly<
Ref<ReturnType<Atoms[key]["get"]>>
>;
}
: {}
: {}
: {}
>
: {};
export function createAuthClient<Option extends BetterAuthClientOptions>(
options?: Option,
) {
const {
baseURL,
pluginPathMethods,
pluginsActions,
pluginsAtoms,
$fetch,
$store,
atomListeners,
} = getClientConfig(options, false);
let resolvedHooks: Record<string, any> = {};
for (const [key, value] of Object.entries(pluginsAtoms)) {
resolvedHooks[getAtomKey(key)] = () => useStore(value);
}
type ClientAPI = InferClientAPI<Option>;
type Session = ClientAPI extends {
getSession: () => Promise<infer Res>;
}
? Res extends BetterFetchResponse<infer S>
? S
: Res extends Record<string, any>
? Res
: never
: never;
function useSession(): DeepReadonly<
Ref<{
data: Session;
isPending: boolean;
isRefetching: boolean;
error: BetterFetchError | null;
}>
>;
function useSession<F extends (...args: any) => any>(
useFetch: F,
): Promise<{
data: Ref<Session>;
isPending: false; //this is just to be consistent with the default hook
error: Ref<{
message?: string;
status: number;
statusText: string;
}>;
}>;
function useSession<UseFetch extends <T>(...args: any) => any>(
useFetch?: UseFetch,
) {
if (useFetch) {
const ref = useStore(pluginsAtoms.$sessionSignal!);
return useFetch(`${baseURL}/get-session`, {
ref,
}).then((res: any) => {
return {
data: res.data,
isPending: false,
error: res.error,
};
});
}
return resolvedHooks.useSession();
}
const routes = {
...pluginsActions,
...resolvedHooks,
useSession,
$fetch,
$store,
};
const proxy = createDynamicPathProxy(
routes,
$fetch,
pluginPathMethods,
pluginsAtoms,
atomListeners,
);
return proxy as UnionToIntersection<InferResolvedHooks<Option>> &
InferClientAPI<Option> &
InferActions<Option> & {
useSession: typeof useSession;
$Infer: {
Session: NonNullable<Session>;
};
$fetch: typeof $fetch;
$store: typeof $store;
$ERROR_CODES: PrettifyDeep<
InferErrorCodes<Option> & typeof BASE_ERROR_CODES
>;
};
}
export type * from "@better-fetch/fetch";
export type * from "nanostores";
```
--------------------------------------------------------------------------------
/docs/app/blog/_components/_layout.tsx:
--------------------------------------------------------------------------------
```typescript
import { useId } from "react";
import { Intro, IntroFooter } from "./changelog-layout";
import { StarField } from "./stat-field";
function Timeline() {
let id = useId();
return (
<div className="pointer-events-none absolute inset-0 z-50 overflow-hidden lg:right-[calc(max(2rem,50%-38rem)+40rem)] lg:min-w-[32rem] lg:overflow-visible">
<svg
className="absolute left-[max(0px,calc(50%-18.125rem))] top-0 h-full w-1.5 lg:left-full lg:ml-1 xl:left-auto xl:right-1 xl:ml-0"
aria-hidden="true"
>
<defs>
<pattern id={id} width="6" height="8" patternUnits="userSpaceOnUse">
<path
d="M0 0H6M0 8H6"
className="stroke-sky-900/10 xl:stroke-white/10 dark:stroke-white/10"
fill="none"
/>
</pattern>
</defs>
<rect width="100%" height="100%" fill={`url(#${id})`} />
</svg>
someone is
</div>
);
}
function Glow() {
let id = useId();
return (
<div className="absolute inset-0 overflow-hidden lg:right-[calc(max(2rem,50%-38rem)+40rem)] lg:min-w-[32rem]">
<svg
className="absolute -bottom-48 left-[-40%] h-[80rem] w-[180%] lg:-right-40 lg:bottom-auto lg:left-auto lg:top-[-40%] lg:h-[180%] lg:w-[80rem]"
aria-hidden="true"
>
<defs>
<radialGradient id={`${id}-desktop`} cx="100%">
<stop offset="0%" stopColor="rgba(214, 211, 209, 0.6)" />
<stop offset="53.95%" stopColor="rgba(214, 200, 209, 0.09)" />
<stop offset="100%" stopColor="rgba(10, 14, 23, 0)" />
</radialGradient>
<radialGradient id={`${id}-mobile`} cy="100%">
<stop offset="0%" stopColor="rgba(56, 189, 248, 0.3)" />
<stop offset="53.95%" stopColor="rgba(0, 71, 255, 0.09)" />
<stop offset="100%" stopColor="rgba(10, 14, 23, 0)" />
</radialGradient>
</defs>
<rect
width="100%"
height="100%"
fill={`url(#${id}-desktop)`}
className="hidden lg:block"
/>
<rect
width="100%"
height="100%"
fill={`url(#${id}-mobile)`}
className="lg:hidden"
/>
</svg>
<div className="absolute inset-x-0 bottom-0 right-0 h-px bg-white mix-blend-overlay lg:left-auto lg:top-0 lg:h-auto lg:w-px" />
</div>
);
}
function FixedSidebar({
main,
footer,
}: {
main: React.ReactNode;
footer: React.ReactNode;
}) {
return (
<div className="relative flex-none overflow-hidden px-10 lg:pointer-events-none lg:fixed lg:inset-0 lg:z-40 lg:flex lg:px-0">
<Glow />
<div className="relative flex w-full lg:pointer-events-auto lg:mr-[calc(max(2rem,50%-35rem)+40rem)] lg:min-w-[32rem] lg:overflow-y-auto lg:overflow-x-hidden lg:pl-[max(4rem,calc(50%-38rem))]">
<div className="mx-auto max-w-lg lg:mx-auto lg:flex lg:max-w-4xl lg:flex-col lg:before:flex-1 lg:before:pt-6">
<div className="pb-16 pt-20 sm:pb-20 sm:pt-32 lg:py-20">
<div className="relative pr-10">
<StarField className="-right-44 top-14" />
{main}
</div>
</div>
<div className="flex flex-1 items-end justify-center pb-4 lg:justify-start lg:pb-6">
{footer}
</div>
</div>
</div>
</div>
);
}
export function Layout({ children }: { children: React.ReactNode }) {
return (
<>
<FixedSidebar main={<Intro />} footer={<IntroFooter />} />
<div />
<div className="relative flex-auto">
<Timeline />
<main className="grid grid-cols-12 col-span-5 ml-auto space-y-20 py-20 sm:space-y-32 sm:py-32">
{children}
</main>
</div>
</>
);
}
```
--------------------------------------------------------------------------------
/docs/app/changelogs/_components/_layout.tsx:
--------------------------------------------------------------------------------
```typescript
import { useId } from "react";
import { Intro, IntroFooter } from "./changelog-layout";
import { StarField } from "./stat-field";
function Timeline() {
let id = useId();
return (
<div className="pointer-events-none absolute inset-0 z-50 overflow-hidden lg:right-[calc(max(2rem,50%-38rem)+40rem)] lg:min-w-[32rem] lg:overflow-visible">
<svg
className="absolute left-[max(0px,calc(50%-18.125rem))] top-0 h-full w-1.5 lg:left-full lg:ml-1 xl:left-auto xl:right-1 xl:ml-0"
aria-hidden="true"
>
<defs>
<pattern id={id} width="6" height="8" patternUnits="userSpaceOnUse">
<path
d="M0 0H6M0 8H6"
className="stroke-sky-900/10 xl:stroke-white/10 dark:stroke-white/10"
fill="none"
/>
</pattern>
</defs>
<rect width="100%" height="100%" fill={`url(#${id})`} />
</svg>
someone is
</div>
);
}
function Glow() {
let id = useId();
return (
<div className="absolute inset-0 overflow-hidden lg:right-[calc(max(2rem,50%-38rem)+40rem)] lg:min-w-[32rem]">
<svg
className="absolute -bottom-48 left-[-40%] h-[80rem] w-[180%] lg:-right-40 lg:bottom-auto lg:left-auto lg:top-[-40%] lg:h-[180%] lg:w-[80rem]"
aria-hidden="true"
>
<defs>
<radialGradient id={`${id}-desktop`} cx="100%">
<stop offset="0%" stopColor="rgba(214, 211, 209, 0.6)" />
<stop offset="53.95%" stopColor="rgba(214, 200, 209, 0.09)" />
<stop offset="100%" stopColor="rgba(10, 14, 23, 0)" />
</radialGradient>
<radialGradient id={`${id}-mobile`} cy="100%">
<stop offset="0%" stopColor="rgba(56, 189, 248, 0.3)" />
<stop offset="53.95%" stopColor="rgba(0, 71, 255, 0.09)" />
<stop offset="100%" stopColor="rgba(10, 14, 23, 0)" />
</radialGradient>
</defs>
<rect
width="100%"
height="100%"
fill={`url(#${id}-desktop)`}
className="hidden lg:block"
/>
<rect
width="100%"
height="100%"
fill={`url(#${id}-mobile)`}
className="lg:hidden"
/>
</svg>
<div className="absolute inset-x-0 bottom-0 right-0 h-px bg-white mix-blend-overlay lg:left-auto lg:top-0 lg:h-auto lg:w-px" />
</div>
);
}
function FixedSidebar({
main,
footer,
}: {
main: React.ReactNode;
footer: React.ReactNode;
}) {
return (
<div className="relative flex-none overflow-hidden px-10 lg:pointer-events-none lg:fixed lg:inset-0 lg:z-40 lg:flex lg:px-0">
<Glow />
<div className="relative flex w-full lg:pointer-events-auto lg:mr-[calc(max(2rem,50%-35rem)+40rem)] lg:min-w-[32rem] lg:overflow-y-auto lg:overflow-x-hidden lg:pl-[max(4rem,calc(50%-38rem))]">
<div className="mx-auto max-w-lg lg:mx-auto lg:flex lg:max-w-4xl lg:flex-col lg:before:flex-1 lg:before:pt-6">
<div className="pb-16 pt-20 sm:pb-20 sm:pt-32 lg:py-20">
<div className="relative pr-10">
<StarField className="-right-44 top-14" />
{main}
</div>
</div>
<div className="flex flex-1 items-end justify-center pb-4 lg:justify-start lg:pb-6">
{footer}
</div>
</div>
</div>
</div>
);
}
export function Layout({ children }: { children: React.ReactNode }) {
return (
<>
<FixedSidebar main={<Intro />} footer={<IntroFooter />} />
<div />
<div className="relative flex-auto">
<Timeline />
<main className="grid grid-cols-12 col-span-5 ml-auto space-y-20 py-20 sm:space-y-32 sm:py-32">
{children}
</main>
</div>
</>
);
}
```
--------------------------------------------------------------------------------
/demo/nextjs/tailwind.config.ts:
--------------------------------------------------------------------------------
```typescript
import type { Config } from "tailwindcss";
const svgToDataUri = require("mini-svg-data-uri");
const colors = require("tailwindcss/colors");
const {
default: flattenColorPalette,
} = require("tailwindcss/lib/util/flattenColorPalette");
const config = {
darkMode: ["class", '[data-theme="dark"]'],
content: [
"./pages/**/*.{ts,tsx}",
"./components/**/*.{ts,tsx}",
"./app/**/*.{ts,tsx}",
"./src/**/*.{ts,tsx}",
],
prefix: "",
theme: {
container: {
center: true,
padding: "2rem",
screens: {
"2xl": "1400px",
},
},
extend: {
colors: {
border: "var(--border)",
input: "var(--input)",
ring: "var(--ring)",
background: "var(--background)",
foreground: "var(--foreground)",
primary: {
DEFAULT: "var(--primary)",
foreground: "var(--primary-foreground)",
},
secondary: {
DEFAULT: "var(--secondary)",
foreground: "var(--secondary-foreground)",
},
destructive: {
DEFAULT: "var(--destructive)",
foreground: "var(--destructive-foreground)",
},
muted: {
DEFAULT: "var(--muted)",
foreground: "var(--muted-foreground)",
},
accent: {
DEFAULT: "var(--accent)",
foreground: "var(--accent-foreground)",
},
popover: {
DEFAULT: "var(--popover)",
foreground: "var(--popover-foreground)",
},
card: {
DEFAULT: "var(--card)",
foreground: "var(--card-foreground)",
},
},
borderRadius: {
lg: "var(--radius)",
md: "calc(var(--radius) - 2px)",
sm: "calc(var(--radius) - 4px)",
},
keyframes: {
"accordion-down": {
from: { height: "0" },
to: { height: "var(--radix-accordion-content-height)" },
},
"accordion-up": {
from: { height: "var(--radix-accordion-content-height)" },
to: { height: "0" },
},
},
animation: {
"accordion-down": "accordion-down 0.2s ease-out",
"accordion-up": "accordion-up 0.2s ease-out",
},
boxShadow: {
input: `0px 2px 3px -1px rgba(0,0,0,0.1), 0px 1px 0px 0px rgba(25,28,33,0.02), 0px 0px 0px 1px rgba(25,28,33,0.08)`,
},
},
},
plugins: [
addVariablesForColors,
function ({ matchUtilities, theme }: any) {
matchUtilities(
{
"bg-grid": (value: any) => ({
backgroundImage: `url("${svgToDataUri(
`<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 32 32" width="32" height="32" fill="none" stroke="${value}"><path d="M0 .5H31.5V32"/></svg>`,
)}")`,
}),
"bg-grid-small": (value: any) => ({
backgroundImage: `url("${svgToDataUri(
`<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 32 32" width="8" height="8" fill="none" stroke="${value}"><path d="M0 .5H31.5V32"/></svg>`,
)}")`,
}),
"bg-dot": (value: any) => ({
backgroundImage: `url("${svgToDataUri(
`<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 32 32" width="16" height="16" fill="none"><circle fill="${value}" id="pattern-circle" cx="10" cy="10" r="1.6257413380501518"></circle></svg>`,
)}")`,
}),
},
{
values: flattenColorPalette(theme("backgroundColor")),
type: "color",
},
);
},
],
} satisfies Config;
function addVariablesForColors({ addBase, theme }: any) {
let allColors = flattenColorPalette(theme("colors"));
let newVars = Object.fromEntries(
Object.entries(allColors).map(([key, val]) => [`--${key}`, val]),
);
addBase({
":root": newVars,
});
}
export default config;
```
--------------------------------------------------------------------------------
/docs/lib/inkeep-analytics.ts:
--------------------------------------------------------------------------------
```typescript
import { betterFetch } from "@better-fetch/fetch";
const INKEEP_ANALYTICS_BASE_URL = "https://api.analytics.inkeep.com";
export interface InkeepMessage {
id?: string;
role: "user" | "assistant" | "system";
content: string;
}
export interface InkeepConversation {
id?: string;
type: "openai";
messages: InkeepMessage[];
properties?: Record<string, any>;
userProperties?: Record<string, any>;
}
export interface InkeepFeedback {
type: "positive" | "negative";
messageId: string;
reasons?: Array<{
label: string;
details?: string;
}>;
}
export interface InkeepEvent {
type: string;
entityType: "message" | "conversation";
messageId?: string;
conversationId?: string;
}
function getApiKey(): string {
const apiKey =
process.env.INKEEP_ANALYTICS_API_KEY || process.env.INKEEP_API_KEY;
if (!apiKey) {
throw new Error(
"INKEEP_ANALYTICS_API_KEY or INKEEP_API_KEY environment variable is required",
);
}
return apiKey;
}
async function makeAnalyticsRequest(endpoint: string, data: any) {
const apiKey = getApiKey();
const { data: result, error } = await betterFetch(
`${INKEEP_ANALYTICS_BASE_URL}${endpoint}`,
{
method: "POST",
headers: {
Authorization: `Bearer ${apiKey}`,
"Content-Type": "application/json",
},
body: JSON.stringify(data),
},
);
if (error) {
throw new Error(
`Inkeep Analytics API error: ${error.status} ${error.message}`,
);
}
return result;
}
export async function logConversationToAnalytics(
conversation: InkeepConversation,
) {
return await makeAnalyticsRequest("/conversations", conversation);
}
export async function submitFeedbackToAnalytics(feedback: InkeepFeedback) {
return await makeAnalyticsRequest("/feedback", feedback);
}
export async function logEventToAnalytics(event: InkeepEvent) {
return await makeAnalyticsRequest("/events", event);
}
export async function logConversationToInkeep(messages: InkeepMessage[]) {
try {
const { data, error } = await betterFetch("/api/analytics/conversation", {
method: "POST",
headers: {
"Content-Type": "application/json",
},
body: JSON.stringify({ messages }),
});
if (error) {
throw new Error(
`Failed to log conversation: ${error.status} - ${error.message}`,
);
}
return data;
} catch (error) {
return null;
}
}
export async function submitFeedbackToInkeep(
messageId: string,
type: "positive" | "negative",
reasons?: Array<{ label: string; details?: string }>,
) {
try {
const { data, error } = await betterFetch("/api/analytics/feedback", {
method: "POST",
headers: {
"Content-Type": "application/json",
},
body: JSON.stringify({ messageId, type, reasons }),
});
if (error) {
throw new Error(
`Failed to submit feedback: ${error.status} - ${error.message}`,
);
}
return data;
} catch (error) {
console.error("Error in submitFeedbackToInkeep:", error);
return null;
}
}
export async function logEventToInkeep(
type: string,
entityType: "message" | "conversation",
messageId?: string,
conversationId?: string,
) {
try {
const { data, error } = await betterFetch("/api/analytics/event", {
method: "POST",
headers: {
"Content-Type": "application/json",
},
body: JSON.stringify({ type, entityType, messageId, conversationId }),
});
if (error) {
throw new Error(
`Failed to log event: ${error.status} - ${error.message}`,
);
}
return data;
} catch (error) {
return null;
}
}
```
--------------------------------------------------------------------------------
/packages/cli/test/__snapshots__/auth-schema-sqlite-passkey.txt:
--------------------------------------------------------------------------------
```
import { sql } from "drizzle-orm";
import { sqliteTable, text, integer } from "drizzle-orm/sqlite-core";
export const custom_user = sqliteTable("custom_user", {
id: text("id").primaryKey(),
name: text("name").notNull(),
email: text("email").notNull().unique(),
emailVerified: integer("email_verified", { mode: "boolean" })
.default(false)
.notNull(),
image: text("image"),
createdAt: integer("created_at", { mode: "timestamp_ms" })
.default(sql`(cast(unixepoch('subsecond') * 1000 as integer))`)
.notNull(),
updatedAt: integer("updated_at", { mode: "timestamp_ms" })
.default(sql`(cast(unixepoch('subsecond') * 1000 as integer))`)
.$onUpdate(() => /* @__PURE__ */ new Date())
.notNull(),
});
export const custom_session = sqliteTable("custom_session", {
id: text("id").primaryKey(),
expiresAt: integer("expires_at", { mode: "timestamp_ms" }).notNull(),
token: text("token").notNull().unique(),
createdAt: integer("created_at", { mode: "timestamp_ms" })
.default(sql`(cast(unixepoch('subsecond') * 1000 as integer))`)
.notNull(),
updatedAt: integer("updated_at", { mode: "timestamp_ms" })
.$onUpdate(() => /* @__PURE__ */ new Date())
.notNull(),
ipAddress: text("ip_address"),
userAgent: text("user_agent"),
userId: text("user_id")
.notNull()
.references(() => custom_user.id, { onDelete: "cascade" }),
});
export const custom_account = sqliteTable("custom_account", {
id: text("id").primaryKey(),
accountId: text("account_id").notNull(),
providerId: text("provider_id").notNull(),
userId: text("user_id")
.notNull()
.references(() => custom_user.id, { onDelete: "cascade" }),
accessToken: text("access_token"),
refreshToken: text("refresh_token"),
idToken: text("id_token"),
accessTokenExpiresAt: integer("access_token_expires_at", {
mode: "timestamp_ms",
}),
refreshTokenExpiresAt: integer("refresh_token_expires_at", {
mode: "timestamp_ms",
}),
scope: text("scope"),
password: text("password"),
createdAt: integer("created_at", { mode: "timestamp_ms" })
.default(sql`(cast(unixepoch('subsecond') * 1000 as integer))`)
.notNull(),
updatedAt: integer("updated_at", { mode: "timestamp_ms" })
.$onUpdate(() => /* @__PURE__ */ new Date())
.notNull(),
});
export const custom_verification = sqliteTable("custom_verification", {
id: text("id").primaryKey(),
identifier: text("identifier").notNull(),
value: text("value").notNull(),
expiresAt: integer("expires_at", { mode: "timestamp_ms" }).notNull(),
createdAt: integer("created_at", { mode: "timestamp_ms" })
.default(sql`(cast(unixepoch('subsecond') * 1000 as integer))`)
.notNull(),
updatedAt: integer("updated_at", { mode: "timestamp_ms" })
.default(sql`(cast(unixepoch('subsecond') * 1000 as integer))`)
.$onUpdate(() => /* @__PURE__ */ new Date())
.notNull(),
});
export const passkey = sqliteTable("passkey", {
id: text("id").primaryKey(),
name: text("name"),
publicKey: text("public_key").notNull(),
userId: text("user_id")
.notNull()
.references(() => custom_user.id, { onDelete: "cascade" }),
credentialID: text("credential_id").notNull(),
counter: integer("counter").notNull(),
deviceType: text("device_type").notNull(),
backedUp: integer("backed_up", { mode: "boolean" }).notNull(),
transports: text("transports"),
createdAt: integer("created_at", { mode: "timestamp_ms" }),
aaguid: text("aaguid"),
});
```